Skip Links

Deciphering the world of crypto

IETF opens its arms to lesser-known algorithms such as SEED and GOST.

By , Network World
October 24, 2005 12:05 AM ET

Network World -

 It's the computational magic for scrambling data to keep it secret, and in the U.S., the best-known cryptographic algorithms go by names such as Triple-DES and AES.

But in other countries, such as South Korea, Russia and Japan, it is SEED, GOST and Camellia that say security, say nothing of specialized cryptos such as CAVE and A5/1.

It's a wide world of encryption, and the IETF, which shepherds Internet protocols, is embracing it.

The IETF standards for Web, VPN and e-mail security have been driven with crypto algorithms approved by the U.S. government, primarily via the National Institute of Standards and Technology.

Triple-DES is defined as a must for any product implementation based on IETF standards. The newer 128-bit Advanced Encryption Standard (AES) - a cipher invented by Belgian cryptographers that was selected as the U.S. standard in late 2001 after a five-year review - will eventually gain must-have status.

The IETF isn't in the job of vetting crypto algorithms, as that's regarded as a job for government agencies throughout the world, typically with a lot of input from outside experts. But the IETF is careful to include only sound crypto into its protocols.

Like practically everything in the IETF standards process, getting new crypto into IETF protocols such as Secure Multi-purpose Internet Mail Extensions (S/MIME), IPSec and Transport Layer Security (TLS) can take years. The Russians and the South Koreans have been among the most persevering in seeking to get their national ciphers through the process.

In a sign of success, several IETF RFCs recently were issued for using South Korea's 128-bit symmetric key SEED and the Russian 256-bit GOST, which is extensible to 768 bits. (The longer the key size, the presumably harder it is to break encrypted data, though other factors define an algorithm's intrinsic strength.)

"In this conscious effort to register a cipher suite, they're being good Internet citizens," says Russ Housley, the IETF security area director who heads his own firm, Vigil Security.

SEED, developed by the Korean Information Security Agency (KISA), is defined for use in TLS and S/MIME, with IPSec support on the way. Four of KISA's security experts, Hyangjin Lee, Jaeho Yoon, Seoklae Lee and Jaeil Lee, wrote the technical drafts, detailing use of SEED and testifying that it is "robust against known attacks." It is said to be widely used by financial services companies, including the Bank of Korea, for VPN and digital rights management. SEED is supported in products from an assortment of global companies, including Chrysalis-ITS, nCipher, Rainbow Technologies and Schlumberger.

The Russians also are making a splash at the IETF, with security vendors Crypto-Pro, Factor-TC, Infotecs and Fguestc lobbying for the Russian block cipher GOST 28147-89 (GOST is short for the Russian word for government). Because of their efforts, GOST recently became an option for use in IETF protocols.

"GOST is the Russian national standard, but it turns out GOST left something unsaid about what was needed for interoperability, so the Russian crypto vendors got together to make sure the standard could support interoperable products," Housley says.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News