Crypto proposal faces long journey
Rijndael algorithm needs conformance, interoperability tests before implementation.
WASHINGTON, D.C. - The National Institute of Standards and Technology earlier this month selected the encryption algorithm called Rijndael as the preferred 128-bit encryption for the government, but NIST has to tackle conformance testing and other issues before Rijndael shows up in any products.
Sign up for the Security or Security and Bug Alert newsletters.
Conformance tests would ensure that vendors implemented the Rijndael technology properly, and would help drive interoperability. NIST is promising to conduct conformance tests of products after Rijndael, designed by Belgian cryptographers Vincent Rijmen and Joan Daemen, is officially designated the Advanced Encryption Standard (AES). That action isn't expected to occur until July, making it unlikely the new and largely unknown Rijndael will be used any time soon.
"It's a very good symmetric algorithm, but we won't see widespread use of this for a number of years," predicts Scott Schnell, senior vice president of security at RSA Security, which makes a range of encryption tool kits and security products.
RSA will include Rijndael in its BSAFE cryptography tool kit as an optional algorithm to use when developing applications that make use of encryption, Schnell says.
Schnell believes the banking community, which favors government-sanctioned encryption, would probably be the first industry to use Rijndael. It is seen as a replacement for the two-decade-old 56-bit Data Encryption Standard, which can be cracked with sufficient processing power.
However, a stronger version of DES, called Triple-DES, is also a government standard, and "will remain so for the foreseeable future," NIST stated in its recent guidelines, offering a well-known alternative to the largely unknown Rijndael.
Vendors of VPN products so far have not committed to using Rijndael, but they are certain to at least offer it as an option in their VPN products next year once it's an official government standard. But large enterprise customers and government agencies may not bet on Rijndael-based VPNs until they see conformance tests completed by independent labs.
Banks, in particular, are closely following Rijndael's progress. "Because our customer base is in North America we care about all the standards in this arena," says Randy Ford, the Bank of Montreal's director of e-purchasing solutions. He adds it's unclear at this point what impact AES will have.
The large installed base of Web browsers and servers that encrypt data using Secure Sockets Layer (SSL) encryption have become the norm in e-commerce. Within that application, it will be years before AES finds a role, if it ever does. Today, SSL can only use DES or RSA's 40-bit RC4. It doesn't support any strong encryption. The Internet Engineering Task Force would have to take a look at AES before altering SSL to work with it, and that will take time, Schnell says.
NIST selected Rijndael over four other cryptography entries because during testing, it showed the best consistent speed across platforms ranging from small-memory devices to mainframes. Though NIST evaluation process has won general praise, some security experts are not in favor of using Rijndael.
"It's the weakest of all the algorithms," claims John Viega, senior research assistant and consultant at Cigital (formerly Reliable Software Technologies) in Dulles, Va., which evaluates information-technology systems.
Though tests showed Rijndael won't easily be broken, even NIST suggested the algorithm could benefit by having more operations added to its structure to reduce potential vulnerabilities, he says.
Unlike the four algorithms it was competing against, Rijndael is a "square structure" algorithm, and the relative novelty of the design approach means there is less knowledge about where weaknesses may reside, Viega says.
Another issue is that Hitachi last spring exerted patent claims over the four other algorithms (MARS, RC6, Serpent and Twofish). The government wants AES to be public-domain technology, and given that it was stuck in a situation of fighting Hitachi over the four algorithms, NIST decided to choose Rijndael, Viega says.
NIST vehemently denies the Hitachi patent claims had anything to do with selecting Rijndael. Cryptographer Bruce Schneier, inventor of Twofish, brushes aside the patent claims as invalid, and says they had no affect on NIST's decision-making process, which he praises as a job well done.
Rijmen notes the competition is fierce, and he is surprised that the U.S. would adopt as a standard technology that was invented in Europe.
Rijndael in detail.
The Rinjdael Page
Includes links to more information about the standard.
Cryptography research center
Links to more information about cryptography.