Wow! It's like the night before Christmas all over
Encryption Land!~ Because just HOURS from now the
Encryption Fairies at the National Institute of Standards
and Technology will announce the Advanced Encryption
Standard (AES), the new government-mandated way to encrypt
The NIST has been evaluating all kinds of different encryption algorithms to
choose the new encryption standard that all Federal agencies have to use for
their datur encryption needs. People familiar with encryption know that the
PREVIOUS government-mandated algorithm, the equally-boringly-acronymed Digital
Encryption Standard (DES), is so goddamned
ubiquitous that it's part and parcel of practically every commercial or Free
Software encryption package in existence.
But good ol' DES and its big brother, Triple DES, are getting a little long in
the tooth, so to speak. The original DES, which uses a piddly 56-bit length
key, was cracked by the Electronic Frontier Foundation to show that it
sucked and was poor protection for people's privacy. So it seems to all parties
concerned -- including, strangely, the Feds -- that it's time to get a new
encryption algorithm on the table.
Now, the AES search has come to a close, and TOMORROW the NIST makes its
announcement about new encryption standard. There are a few cool factors about
this whole thing. ONE is that the whole damn thing has taken place in the open
air, with source code available for all implementations, and lots of academic
conferences and shit to decide on the right standard. This is the Right Thing.
Second, no talk about "key recovery" standards. Those are algorithms where the
Feds can basically build a back-door into the encryption system to take your
encrypted datur if they feel like it. "Key recovery" systems tend to be very
closed-source, back-room, fuck-you-if-you-don't-like-it-we're-the-feds type
systems. There have been proposed standards for back-doored encryption coming
out of the White House for years -- it's nice to see that it's not even
mentioned here. Let's just all agree that back doors suck ass, both for the
public and private sector, and move on, shall we?
Third, the NIST is threatening LEGAL ACTION under anti-trust laws to anyone who
submits an algorithm without specifying in detail the intellectual property
implications (patent, copyright, etc.) for the algorithm. Which, like,
BEAU-JO-FUCKING-LAIS!, and royal fuck-yous all around to ambush-patent-pirates
But the SUPER COOL part of the whole AES thing -- the part that completely
rocks ass -- is that, of the 5 finalist algorithms, THREE of them (Serpent,
Twofish, and Rijndael, are patent or copyright free. That's right! It's
possible that the next standard for encryption will be an open algorithm,
subjected to academic scrutiny by the cryptographic community, and in the
public domain. Which, like, huzzah!
So, if you see this article in time, rush on over to the NIST Web site and
watch the Real Video LIVE VIDEO SIMULCAST of the announcement of the AES
standard. Yippity fuck! Let's do some encrypting!