56-bit encryption

In computing, 56-bit encryption refers to a key size of fifty-six bits, or seven bytes, for symmetric encryption. While stronger than 40-bit encryption, this still represents a relatively low level of security in the context of a brute force attack.

Contents

Description

The US government traditionally regulated encryption for reasons of national security, law enforcement and foreign policy. Encryption was regulated from 1976 by the Arms Export Control Act until control was transferred to the Department of Commerce in 1996.

56-bit refers to the size of a symmetric key used to encrypt data, with the number of unique possible permutations being 2^{56} (72,057,594,037,927,936). 56-bit encryption has its roots in DES, which was the official standard of the US National Bureau of Standards from 1976, and later also the RC5 algorithm. US government regulations required any users of stronger 56-bit symmetric keys to submit to key recovery though algorithms like CDMF,[1] effectively reducing the key strength to 40-bit, and thereby allowing organisations such as the NSA to brute-force this encryption. Furthermore, from 1996 software products exported from the United States were not permitted to use stronger than 56-bit encryption, requiring different software editions for the US and export markets.[2]

The advent of commerce on the Internet and faster computers raised concerns about the security of electronic transactions initially with 40-bit, and subsequently also with 56-bit encryption. Although regulations over the use of 56-bit encryption were lifted in 1998, in July of that year a successful brute-force attack was demonstrated against 56-bit encryption with a single desktop computer in just 56 hours.[3] In 1999, all restrictions on key length were lifted, except for exports to terrorist countries.[4]

56-bit DES encryption is now obsolete, having been replaced as a standard in 2002 by the 128-bit (and stronger) Advanced Encryption Standard.

See also

References

  1. ^ "Hackers Prove 56-bit DES is not Enough". InfoWorld: 77. 30 June 1997. http://books.google.com/books?id=yjsEAAAAMBAJ&pg=PA77. 
  2. ^ "Microsoft Strong Encryption Downloads". Microsoft. 2011. http://technet.microsoft.com/en-us/library/cc722908.aspx. Retrieved 8 September 2011. 
  3. ^ Congressional Record, V. 144, United States Senate, October 7, 1998 to October 9, 1998, p. 25124, http://books.google.com/books?id=m5wLgC546hMC&pg=PA25124 
  4. ^ Jeanne J. Grimmett (11 january 2001). CRS Report for Congress. Legislative Attorney, American Law Division. http://www.au.af.mil/au/awc/awcgate/crs/rl30273.pdf.