LINUX TIPS AND TRICKS --- September 28, 2001

Published by ITworld.com -- changing the way you view IT
http://www.itworld.com/newsletters
________________________________________________________________

The Data Encryption Standard
By Danny Kalev

The Data Encryption Standard (DES) has been the most popular 
data encryption technique since the mid-1970s. For more than 
two decades, its 56-bit key was considered unbreakable. However, 
the growing computational power of CPUs and advanced clustering 
technologies made it possible to break DES in the late 1990s. 
Consequently, 128-, 512-, and even 2,048-bit keys have been 
introduced. However, DES remains a classic algorithm for 
encrypting Unix/Linux passwords and other nonclassified material.

A historical perspective
In 1973, the National Bureau of Standards (NBS) established a 
committee for developing a standard data encryption algorithm. 
This algorithm, to be used in the US federal government's 
computers, was expected to become widespread in the industrial 
and private sectors as well. Several companies proposed 
solutions, but only IBM's prevailed. After rigorous tests, the 
NBS and NSA endorsed it in 1977. Since then, DES has been the 
de facto encryption algorithm in many applications, operating 
systems, and databases.

Key-based encryption
Both the encryption and decryption processes rely on a key 
derived from the user's password, as well as additional 
information. Without the key, unauthorized users cannot decrypt 
a DES-encrypted message -- at least in theory. The key consists 
of 64 bits; 8 bits are used in error checking, leaving 56 bits 
for the key itself. The number of unique keys that can be 
generated from a 56-bit number is immense -- about 70 
quadrillion (70,000,000,000,000,000). This gigantic number 
thwarted unauthorized attempts to decrypt DES-encrypted data 
for more than two decades; however, the advent of the Internet 
and the ability to combine the computing power of thousands of 
personal computers ended the 56-bit key's immunity.
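
The 64-bit/56-bit split described above, as an added example that 
is not part of the original newsletter. The function names are 
hypothetical and the sample key bytes are constructed; the parity 
bit is the least significant bit of each key byte and each byte 
carries odd parity.

```c
#include <stdint.h>
#include <stdio.h>

/* Return 1 if the byte has an odd number of 1 bits. */
static int odd_bits(uint8_t b) {
    b ^= b >> 4; b ^= b >> 2; b ^= b >> 1;
    return b & 1;
}

/* Force odd parity on each key byte by adjusting its lowest bit. */
void set_odd_parity(uint8_t key[8]) {
    for (int i = 0; i < 8; i++)
        if (!odd_bits(key[i])) key[i] ^= 0x01;
}

/* Return 1 if all eight bytes carry odd parity, 0 otherwise. */
int parity_ok(const uint8_t key[8]) {
    for (int i = 0; i < 8; i++)
        if (!odd_bits(key[i])) return 0;
    return 1;
}

/* Drop the 8 check bits and pack the 7 key bits of each byte into 56 bits. */
uint64_t effective_key56(const uint8_t key[8]) {
    uint64_t k = 0;
    for (int i = 0; i < 8; i++) k = (k << 7) | (uint64_t)(key[i] >> 1);
    return k;
}

/* Number of distinct 56-bit keys (the "about 70 quadrillion" figure). */
uint64_t keyspace(void) { return 1ULL << 56; }

/* Days needed to try every key at a given search rate. */
double days_to_exhaust(double keys_per_second) {
    return (double)keyspace() / keys_per_second / 86400.0;
}

int main(void) {
    uint8_t raw[8] = {0, 1, 2, 3, 4, 5, 6, 7};   /* constructed sample */
    uint64_t before = effective_key56(raw);
    set_odd_parity(raw);
    printf("parity ok: %d, same 56-bit key: %d\n",
           parity_ok(raw), effective_key56(raw) == before);
    printf("keys: %llu\n", (unsigned long long)keyspace());
    return 0;
}
```

Two 64-bit values that differ only in their check bits select the 
same 56-bit key, which is why the search space is 2^56 and not 2^64.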

Encryption and decryption
DES is a "block cipher" -- that is, a cipher that applies to 
chunks of data (64-bit chunks in this case). Data chunks larger 
than this are broken into 64-bit blocks; smaller chunks are 
filled with additional padding bits to create a full 64-bit 
block. In the first encryption phase, DES shifts the positions 
of the bits in a block according to its key. This process is 
called "permutation." Next, DES derives an input block from the 
result and scrambles it by complex mathematical operations. This
process is called "transformation," the result of which is a 
pre-output block. Finally, this pre-output block undergoes an 
additional permutation phase. The result is called "encrypted 
text" or "encoded text." Given the original key, the decryption 
process reconstitutes the original data from the DES-encrypted 
text.
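
The permutation / transformation / permutation sequence above, as 
an added sketch that is not code from the original newsletter. It 
uses the initial permutation table published in the DES standard, 
but the round function and key schedule (toy_round, toy_subkey) 
are labelled stand-ins, so this is not real DES and must not be 
used to protect data; all function names are hypothetical.

```c
#include <stdint.h>

/* Initial permutation table from the DES standard: output bit i (1 = leftmost) is input bit IP[i-1]. */
static const uint8_t IP[64] = {
    58,50,42,34,26,18,10,2, 60,52,44,36,28,20,12,4,
    62,54,46,38,30,22,14,6, 64,56,48,40,32,24,16,8,
    57,49,41,33,25,17, 9,1, 59,51,43,35,27,19,11,3,
    61,53,45,37,29,21,13,5, 63,55,47,39,31,23,15,7 };

uint64_t initial_perm(uint64_t in) {
    uint64_t out = 0;
    for (int i = 0; i < 64; i++) out = (out << 1) | ((in >> (64 - IP[i])) & 1);
    return out;
}

/* Final permutation: the inverse of IP, applied to the pre-output block. */
uint64_t final_perm(uint64_t in) {
    uint64_t out = 0;
    for (int i = 0; i < 64; i++) out |= ((in >> (63 - i)) & 1) << (64 - IP[i]);
    return out;
}

/* ASSUMPTION: stand-in key schedule, not DES's real one (round is 0..15). */
static uint32_t toy_subkey(uint64_t key, int round) {
    return (uint32_t)((key << (round + 1)) | (key >> (63 - round)));
}

/* ASSUMPTION: stand-in transformation, not DES's S-box round function. */
static uint32_t toy_round(uint32_t half, uint32_t subkey) {
    uint32_t x = half ^ subkey;
    return ((x << 7) | (x >> 25)) + x * 0x9E3779B9u;
}

/* Permutation, 16 keyed rounds, permutation. Decryption reverses subkey order. */
uint64_t toy_des(uint64_t block, uint64_t key, int decrypt) {
    uint64_t b = initial_perm(block);
    uint32_t l = (uint32_t)(b >> 32), r = (uint32_t)b;
    for (int i = 0; i < 16; i++) {
        uint32_t t = l ^ toy_round(r, toy_subkey(key, decrypt ? 15 - i : i));
        l = r; r = t;
    }
    return final_perm(((uint64_t)r << 32) | l);  /* swapped halves = pre-output */
}

int main(void) {
    uint64_t p = 0x0123456789ABCDEFULL, k = 0x133457799BBCDFF1ULL; /* constructed sample */
    return toy_des(toy_des(p, k, 0), k, 1) == p ? 0 : 1;  /* exit 0 on round trip */
}
```

Because each round only XORs one half with a function of the other, 
running the same rounds with the subkeys in reverse order undoes 
the encryption, whatever the round function is.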

For further information about the DES algorithm, see 
http://itw.itworld.com/GoNow/a14724a42852a76537031a2. For 
further information about cryptography, see 
http://www.ciphersbyritter.com.

About the author(s)
-------------------
Danny Kalev is a system analyst and software engineer with more 
than 10 years of experience, specializing in C++ and 
object-oriented analysis and design on various platforms 
including VMS, DOS, Windows, Unix, and Linux. His technical 
interests involve code optimization, networking, and distributed 
computing. He is also a member of the ANSI C++ standardization 
committee and the author of ANSI/ISO C++ Professional 
Programmer's Handbook (Que, 1999). Danny can be reached at 
linuxnl@excite.com.
________________________________________________________________

ADDITIONAL RESOURCES

Data Encryption Standard (DES)
http://itw.itworld.com/GoNow/a14724a42852a76537031a2

The Data Encryption Standard
http://itw.itworld.com/GoNow/a14724a42852a76537031a0

EFF quickly cracks Data Encryption Standard
http://itw.itworld.com/GoNow/a14724a42852a76537031a1

Data Encryption Standard (DES), Triple DES, and Skipjack Algorithms
http://itw.itworld.com/GoNow/a14724a42852a76537031a3
________________________________________________________________

Copyright 2001 ITworld.com, Inc., All Rights Reserved.
http://www.itworld.com
