Thinking about DES
Originally by Luther Martin, Chief Security Architect, Voltage Security.
The beginning of modern information security can probably be traced back to the creation of the Data Encryption Standard (DES) as Federal Information Processing Standard 46 by the US National Bureau of Standards in 1977.
Advances in technology eventually rendered DES obsolete and it was officially withdrawn as a standard in 2005. During the 28 years when DES was an active standard, the information security industry was essentially born, passed through a painful adolescence in the dot-com era and eventually reached the point today where it’s a relatively mature field. You can now get both undergraduate and graduate degrees in information security, and if you do this, you’ll be studying technology that didn’t exist when DES became a standard.
An early government publication about DES can provide some insight into exactly how far things have come since the early days of the field, so let’s take a closer look at “Privacy Data: The Data Encryption Standard Provides Valuable Protection,” United States Government Accounting Office Transfer Paper 8, from March of 1987, a paper that was actually published 10 years after the standardization of DES.
With today’s 20/20 hindsight, the discussion of the security provided by DES in this paper seems almost amusing. Like when it cites the original DES standard to justify the relatively modest level of cryptographic strength that DES provides:
The expected number of tests to recover the correct key is 255. Thus, at a rate of one microsecond per test 1142 years would be required to recover the correct key.
Using today’s technology, it’s actually possible to recover a DES key in just a few hours, so while DES might have provided an adequate level of protection when it was first introduced, it probably doesn’t do this today.
And while the GAO paper was written a full decade after the invention of public-key cryptography, it didn’t seem to realize the full possibilities of its use:
Some observers feel that the eventual preferred communication system may incorporate two encryption systems: the DES for the secure transmission of data proper and another type of system that will only be used for the key-management portion of the transmission.
That’s exactly what’s done today in TLS, the protocol that’s used to provide secure sessions to millions of web servers today, although DES has almost universally been replaced by stronger alternatives.
The most interesting part of the GAO paper may actually be the description of a way to generate cryptographic
keys for use by DES. Today, to generate a key for a symmetric algorithm like DES you would just call one of the many pseudo-random number generators that are available. Back in the early days of DES, things were apparently much more difficult. Here’s how the GAO paper describes a way to generate a DES key:
Since a randomly generated keyword offers the greatest security, the following procedure is offered as a fast, unbiased method of generating random numbers:
1. Obtain 7 coins, paper, and a pencil.
2. Shake coins in cupped hands.
3. Without observing states (“heads” or “tails”), place coins on table and keep covered with hand.
4. Extract one coin from the group and record its state – e.g., “heads” is “1” and “tails” is “0.” (Optional: record state of coin on DES keyword recording form, figure 3.2) Repeat for each of the next 6 coins.
5. Select the parity bit so that the total number of “1’s” in the 8-bit byte is odd (i.e., including the parity bit itself).
6. Repeat steps 1-4 to generate seven more bytes.
7. Translate successive 4-bit groups into their hexadecimal representation and use the resulting 16-digit hexadecimal number as the DES keyword.
That’s right – they’re actually describing a way to generate DES keys by flipping coins! The GAO paper even includes a handy printer-ready table (the DES keyword recording form that’s mentioned in step 4 of this process) for help in organizing the bits that you might generate in this way.
Things have definitely changed a lot since 1987.
Reading this GAO paper also left me with some questions that there’s no obvious right answer for: How will today’s guidelines for using encryption look to people 20 to 30 years from now? Will the HIPAA privacy rules seem quaint and archaic? Will the PCI DSS seem like a reasonable set of guidelines?
I think I know the answers, of course, but only time will tell if I’m right or not.