The Data Encryption Standard

The Data Encryption Standard (DES) has been the most popular data encryption technique since the mid 1970s. For more than two decades, its 56-bit key was considered unbreakable. However, the growing computational power of CPUs and advanced clustering technologies enabled attackers to break it in the late 1990s. Consequently, 128-, 512-, and even 2,048-bit keys have been introduced. However, DES remains a classic algorithm for encrypting Unix/Linux passwords and other nonclassified material.

A historical perspective

In 1973, the National Bureau of Standards (NBS) established a committee for developing a standard data encryption algorithm. This algorithm, to be used in the US federal government's computers, was expected to become widespread in the industrial and private sectors as well. Several companies proposed solutions, but only IBM's prevailed. After rigorous tests, the NBS and NSA endorsed it in 1977. Since then, DES has been the de facto encryption algorithm in many applications, operating systems, and databases.

Key-based encryption

Both the encryption and decryption processes rely on a key derived from the user's password, as well as additional information. Without the key, unauthorized users cannot decrypt a DES-encrypted message -- at least in theory. The key consists of 64 bits; 8 bits are used for error checking, leaving 56 bits for the key itself. The number of unique keys that can be generated from a 56-bit number is immensely high -- about 70 quadrillion (70,000,000,000,000,000). This gigantic number frustrated unauthorized attempts to decrypt DES-encrypted data for more than two decades; however, the advent of the Internet and the ability to pool the computing power of thousands of personal computers ended the 56-bit key's immunity.

Encryption and decryption

DES is a "block cipher" -- that is, a cipher that operates on fixed-size chunks of data (64-bit chunks in this case). Data larger than this is broken into 64-bit blocks; a smaller chunk is filled with additional padding bits to create a full 64-bit block. In the first encryption phase, DES shifts the positions of the bits in a block according to its key. This process is called "permutation." Next, DES derives an input block from the result and scrambles it by complex mathematical operations. This process is called "transformation," and its result is a pre-output block. Finally, this pre-output block undergoes an additional permutation phase. The result is called "encrypted text" or "encoded text." Given the same key that was used for encryption, the decryption process reconstitutes the original data from the DES-encrypted text.
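As an added example that is not part of the original article, the following Python (standard library only) works through the key and block layout described above: the 8 error-checking bits that leave 56 effective key bits, the size of the resulting key space, and the padding of a message into full 64-bit blocks. DES keys carry odd parity in the low bit of each byte; the padding scheme (PKCS#7-style) and the key-search rate used in the cost estimate are assumptions of this example, not something the article specifies.

```python
BLOCK_SIZE = 8   # DES processes 64-bit (8-byte) blocks
KEY_SIZE = 8     # a DES key is 64 bits; 8 of those are parity bits

def parity_ok(key: bytes) -> bool:
    """True if every byte of the 64-bit key has odd parity (DES convention)."""
    if len(key) != KEY_SIZE:
        return False
    return all(bin(b).count("1") % 2 == 1 for b in key)

def set_odd_parity(key: bytes) -> bytes:
    """Rewrite the low (parity) bit of each byte so the byte has odd parity."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                     # the 7 bits of real key material
        parity = 1 - (bin(high7).count("1") % 2)
        out.append(high7 | parity)
    return bytes(out)

def effective_key_bits(key: bytes) -> int:
    """Drop the 8 parity bits and return the 56 bits of key material as an int."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def keyspace_size() -> int:
    """Number of distinct 56-bit keys: 2**56, roughly 72 quadrillion."""
    return 1 << 56

def brute_force_years(keys_per_second: float) -> float:
    """Worst-case years to try every key at an assumed search rate (constructed figure)."""
    return keyspace_size() / keys_per_second / (365 * 24 * 3600)

def pad(data: bytes) -> bytes:
    """PKCS#7-style padding (assumed scheme): always adds 1..8 bytes to reach a 64-bit boundary."""
    n = BLOCK_SIZE - (len(data) % BLOCK_SIZE)
    return data + bytes([n]) * n

def unpad(data: bytes) -> bytes:
    """Inverse of pad(); rejects malformed padding instead of silently truncating."""
    if not data or len(data) % BLOCK_SIZE:
        raise ValueError("ciphertext length is not a multiple of the block size")
    n = data[-1]
    if not 1 <= n <= BLOCK_SIZE or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def split_blocks(data: bytes) -> list:
    """Cut padded input into the 64-bit blocks DES encrypts one at a time."""
    padded = pad(data)
    return [padded[i:i + BLOCK_SIZE] for i in range(0, len(padded), BLOCK_SIZE)]
```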

For further information about the DES algorithm, see http://www.itl.nist.gov/fipspubs/fip46-2.htm. For further information about cryptography, see http://www.ciphersbyritter.com.
