The Data Encryption Standard

By Danny Kalev, ITworld

The Data Encryption Standard (DES) has been the most popular data
encryption technique since the mid 1970s. For more than two decades,
its 56-bit key was considered unbreakable. However, the growing
computational power of CPUs and advanced clustering technologies
enabled users to break its code in the late 1990s. Consequently, 128-,
512-, and even 2,048-bit keys have been introduced. However, DES
remains a classic algorithm for encrypting Unix/Linux passwords and
other nonclassified material.

A historical perspective
In 1973, the National Bureau of Standards (NBS) established a committee
for developing a standard data encryption algorithm. This algorithm, to
be used in the US federal government's computers, was expected to
become widespread in the industrial and private sectors as well.
Several companies proposed solutions, but only IBM's prevailed. After
rigorous tests, the NBS and NSA endorsed it in 1977. Since then, DES
has been the de facto encryption algorithm in many applications,
operating systems, and databases.

Key-based encryption
Both the encryption and decryption processes rely on a key derived from
the user's password, as well as additional information. Without the
key, unauthorized users cannot decrypt a DES-encrypted message -- at
least in theory. The key consists of 64 bits; 8 bits are used in error
checking, leaving 56 bits for the key itself. The number of unique keys
that can be generated from a 56-bit number is immensely high -- about
70 quadrillion (70,000,000,000,000,000). This gigantic number
thwarted unauthorized attempts to decrypt DES-encrypted data for more
than two decades; however, the advent of the Internet and the ability
to combine the computing power of thousands of personal computers ended
the 56-bit key's immunity.
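
The 64-bit/56-bit split described above, as an added example that is not part of the original article: it assumes the FIPS 46 convention that the low bit of each key byte is an odd-parity bit, and the function names and sample key are constructed for illustration.

```python
# Added example (not from the original article): DES key parity handling.
# Assumes the FIPS 46 convention: the low bit of each key byte is an
# odd-parity bit, so only the top 7 bits of each byte are key material.

KEY_BYTES = 8        # 64 bits as stored
EFFECTIVE_BITS = 56  # 7 key bits per byte

# Constructed sample key, used only for illustration.
SAMPLE_KEY = bytes.fromhex("0123456789abcdef")

def _check_length(key: bytes) -> None:
    if len(key) != KEY_BYTES:
        raise ValueError("a DES key must be exactly 8 bytes")

def has_odd_parity(key: bytes) -> bool:
    """True if every byte contains an odd number of 1 bits."""
    _check_length(key)
    return all(bin(b).count("1") % 2 == 1 for b in key)

def set_odd_parity(key: bytes) -> bytes:
    """Recompute the parity bit of each byte from its 7 key bits."""
    _check_length(key)
    out = bytearray()
    for b in key:
        key_bits = b & 0xFE
        parity = 0 if bin(key_bits).count("1") % 2 else 1
        out.append(key_bits | parity)
    return bytes(out)

def effective_key(key: bytes) -> int:
    """Drop the 8 parity bits and pack the rest into a 56-bit integer."""
    _check_length(key)
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def keyspace_size() -> int:
    """Number of distinct effective keys."""
    return 2 ** EFFECTIVE_BITS

if __name__ == "__main__":
    damaged = bytes(b ^ 1 for b in SAMPLE_KEY)  # flip every parity bit
    print(has_odd_parity(SAMPLE_KEY), has_odd_parity(damaged))
    print(effective_key(SAMPLE_KEY) == effective_key(damaged))
    print(f"{keyspace_size():,}")
```

Two stored keys that differ only in their parity bits select the same cipher key, which is why an exhaustive search covers 2^56 candidates rather than 2^64.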

Encryption and decryption
DES is a "block cipher" -- that is, a cipher that applies to chunks of
data (64-bit chunks in this case). Data chunks larger than this are
broken into 64-bit blocks; smaller chunks are filled with additional
padding bits to create a full 64-bit block. In the first encryption
phase, DES shifts the positions of the bits in a block according to its
key. This process is called "permutation." Next, DES derives an input
block from the result and scrambles it by complex mathematical
operations. This process is called "transformation," the result of
which is a pre-output block. Finally, this pre-output block undergoes
an additional permutation phase. The result is called "encrypted text"
or "encoded text." When given the original key in the decryption
process, DES reconstitutes the original data from DES-encrypted text.

For further information about the DES algorithm, see
http://www.itl.nist.gov/fipspubs/fip46-2.htm. For further information
about cryptography, see http://www.ciphersbyritter.com.
