IP: Crypto standard finalists; Rosen: SDMI is your friend

[Dave Farber <farber () cis upenn edu>]

> Date: Wed, 11 Aug 1999 10:11:34 -0800
> From: Henry Schwan <owlswan () eff org>
>
> MSNBC (From WIRED)
>
> Finalists for crypto standard named
> U.S. moves closer to finding replacement for DES, naming five finalists for
> the new Advanced Encryption Standard
> By Jim Kerstetter, PC Week ZDNN
>
> Aug. 9 - DES is a step closer to the dustbin. The U.S. Commerce
> Department's National Institute of Standards and Technology
> Monday announced five finalists in the two-year competition to
> find a replacement for the Data Encryption Standard, which has
> served as the government's basic encryption standard since
> 1977.
>
> THE REPLACEMENT, TO BE CALLED the Advanced Encryption
>  Standard, should be completed by the summer of 2001, according to NIST.
>
> The five finalists include:
>  MARS, developed by IBM in Armonk, NY. IBM researchers also
>  created DES back in the '70s.
>  RC6, developed by Ron Rivest (inventor of the RSA public key
>  algorithm and several other well-known hashing and private key
>  algorithms) and RSA Laboratories in Bedford, Mass.
>  Rijndael, developed by Joan Daemen and Vincent Rijmen of Belgium.
>  Serpent, developed by Ross Anderson, Eli Biham and Lars Knudsen of
>  the United Kingdom, Israel and Norway.
>  Twofish, developed by Bruce Schneier, John Kelsey, Doug Whiting,
>  David Wagner, Chris Hall and Niels Ferguson of Counterpane Systems in
>  Minneapolis. Schneier also developed the popular Blowfish symmetric
>  algorithm.
>
> DES - as well as its replacement, AES - is what cryptographers call
>  a symmetric or private key algorithm. A symmetric algorithm requires that
>  both parties receiving encryption have a copy of the same encryption key
>  in order to read the scrambled data. It is also likely the most widely used
>  encryption algorithm in the world today, supported by most commercial
>  encryption products.
>
> But DES has proven to be easy prey for modern technology. It uses
>  keys of 56 bits, which were first broken nearly three years ago. In January
>  1999, cryptographers using a special DES-cracking machine, along with a
>  nationwide network of PCs, were able to crack DES in less than 24 hours.
>  The crackers used a "brute force" method of attack to solve the
>  mathematical factoring behind DES. In other words, they put a lot of
>  processing horsepower against the algorithm and were able to solve it -
>  something that has been feasible only in the last couple of years because of
>  improvements in chip technology.
>
> Enter the AES. NIST first requested proposals for the AES in
>  September 1997. Each of the candidate algorithms supports key sizes of
>  128, 192 and 256 bits. A 128-bit key cannot be broken using known
>  technology today. Each added bit essentially doubles the key strength.
>
> RSA Data Security Inc. CEO Jim Bidzos used the following analogy at
>  the company's conference in January: A 40-bit key is the water that fills a
>  spoon. A 56-bit key is the water that fills a small swimming pool. A
>  128-bit key would be all of the water on the planet.
>
> http://www.msnbc.com/news/298832.asp
>      ________________________________________________________________
>
> Rosen: SDMI is Your Friend
> by Arik Hesseldahl
> 1:00 p.m.  10.Aug.99.PDT
>
> NEW YORK -- This week's Interactive Music Expo, with its gadgets galore and
> talking heads, is the latest sign that digital music has come of age.
>
> The RIAA's Hilary Rosen defended the Secure Digital Music Initiative,
> scoffing at the tech world's hoped-for world where musicians would give
> away their music for free over the Internet and support themselves by
> touring and selling T-shirts.
>
> Rosen delivered a keynote address to open the second day of the Interactive
> Music Xpo, which continues here through Thursday.
>
> But even in the digital age, "artists who invest their time and creativity
> should be able to determine the fate" of their works, Rosen said. Hence the
> creation of SDMI, a proposed standard for secure downloadable music.
>                   **********************************
> And while the number of MP3 music files continues to grow on the Internet,
> Rosen said her organization isn't interested in prosecuting people who
> download those files, but rather those who run large Web sites devoted to
> distributing illegal files.
>
> "We will find you," she said.
>
> http://www.wired.com/news/news/culture/story/21205.html
> Henry Schwan
> 1550 Bryant St.  Suite 725
> San Francisco, CA  94103
> (415)436-9333  Ex. 104
> owlswan () eff org