NIST defines cryptology standards for the federal government that are intended for unclassified uses and is recognized as the nation’s leading authority on sensitive but unclassified encryption. In 1977, NIST endorsed DES (56-bit) as the encryption algorithm for securing federal LMR communications. By the late 1990s, the DES algorithm had been compromised multiple times with greater efficiency and in less time. These successful “cracks” of the algorithm were widely reported on a variety of internet media sites and today there are various tools and techniques readily available to compromise the DES algorithm. In 2005, NIST withdrew approvals of DES and published the FIPS 197 establishing AES as the federal standard for the protection of sensitive, unclassified information as compulsory and binding for all federal departments and agencies. DES derivatives, such as Triple DES and Simplified DES, and the various modes of operations, including DES-Cipher Block Chaining (CBC), DES-Cipher Feedback (CFB), DES-Output Feedback (OFB), DES-Electronic Code Book (ECB), and DES-Counter (CTR) are also considered to be easily compromised through similar brute-force attacks.
As computing technology evolves toward Quantum Computing capabilities, which are principles of quantum mechanics that allow quantum computing machines to solve mathematical problems that are challenging or impossible for traditional computers to tackle, NIST continues to assess the current cryptographic protections and implications these next generation computing machines will have when used to mount brute-force attacks against encryption algorithms.1 NIST’s present guidance is that current applications can continue to use AES with key sizes 128, 192, or 256 bits. NIST will issue guidance regarding any transitions of symmetric key algorithms and hash functions to protect against threats from quantum computers when it can foresee a transition need. Until then, users should follow the recommendations and guidelines NIST has already issued.
Read the whole report here.
