Encryption standard strengthened

The federal government has a new standard for encrypting electronic documents and messages, a code so secure federal officials predict its encoded material will remain uncrackable for 20 to 30 years.

The Advanced Encryption Standard (AES) received formal approval from Commerce Secretary Donald Evans Dec. 4. It replaces the Data Encryption Standard (DES), which was adopted in 1977 and can be deciphered with modern computers.

Now that the federal government has adopted the standard, it is expected to provide a boost to e-government and become widely used by the private sector to protect sensitive computerized information and financial transactions.

In the short term, the use of the new encryption standard is likely to go unnoticed by most people, said Phil Bullman, a spokesman for the National Institute of Standards and Technology, which helped select the new standard.

Although encryption is already used extensively by the financial industry for such things as online banking and automated teller machine transactions, the encryption is invisible to banking customers, and most users are probably unaware that it is occurring, he said.

Consumers also often use encryption when they make purchases via the Internet. Credit card numbers are often encrypted automatically when orders are placed.

In the longer term, however, more sophisticated encryption is expected to make more e-government functions possible, said Alan Balutis, former chief of NIST's Advanced Technology Program.

Strong encryption is essential to ensure the security and authenticity of the online transactions envisioned in e-government, such as digitally signing contracts and completing financial, legal and other transactions, he said. Today there are "relatively small pockets" where e-government has taken hold at the federal level, but stronger encryption could push e-government to "the cusp of a substantial takeoff," said Balutis, who now serves as the executive director of the Federation of Government Information Processing Councils and the Industry Advisory Council.

In a statement announcing the adoption of AES, Evans predicted that it will "promote efforts to provide secure electronic government services to our citizens."

At the heart of encryption technology is a complex mathematical formula known as an algorithm. AES employs a 128-bit encryption algorithm compared with DES' 56-bit one.

In guidance to federal agencies, the Office of Management and Budget noted that encryption is an important tool for protecting the confidentiality of sensitive information, but urged agency personnel to use the powerful new AES carefully.

Encrypting information with AES may mean losing it if agencies lose access to the cryptographic keys needed to decipher it.

OMB instructed NIST to "issue appropriate guidance to agencies by April 2002" on ensuring that encrypted data can be decrypted when necessary.


  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected