IP: Crypto standard finalists; Rosen: SDMI is your friend

[Dave Farber <farber@cis.upenn.edu>]

>Date: Wed, 11 Aug 1999 10:11:34 -0800
>From: Henry Schwan <owlswan@eff.org>
>
>MSNBC (From WIRED)
>
>Finalists for crypto standard named
>U.S. moves closer to finding replacement for DES, naming five finalists for
>the new Advanced Encryption Standard
>By Jim Kerstetter, PC Week ZDNN
>
>Aug. 9 - DES is a step closer to the dustbin. The U.S. Commerce
>Department's National Institute of Standards and Technology
>Monday announced five finalists in the two-year competition to
>find a replacement for the Data Encryption Standard, which has
>served as the government's basic encryption standard since
>1977.
>
>THE REPLACEMENT, TO BE CALLED the Advanced Encryption
>  Standard, should be completed by the summer of 2001, according to NIST.
>
>The five finalists include:
>  MARS, developed by IBM in Armonk, NY. IBM researchers also
>  created DES back in the '70s.
>  RC6, developed by Ron Rivest (inventor of the RSA public key
>  algorithm and several other well-known hashing and private key
>  algorithms) and RSA Laboratories in Bedford, Mass.
>  Rijndael, developed by Joan Daemen and Vincent Rijmen of Belgium.
>  Serpent, developed by Ross Anderson, Eli Biham and Lars Knudsen of
>  the United Kingdom, Israel and Norway.
>  Twofish, developed by Bruce Schneier, John Kelsey, Doug Whiting,
>  David Wagner, Chris Hall and Niels Ferguson of Counterpane Systems in
>  Minneapolis. Schneier also developed the popular Blowfish symmetric
>  algorithm.
>
>DES - as well as its replacement, AES - is what cryptographers call
>  a symmetric or private key algorithm. A symmetric algorithm requires that
>  both parties receiving encryption have a copy of the same encryption key
>  in order to read the scrambled data. It is also likely the most widely used
>  encryption algorithm in the world today, supported by most commercial
>  encryption products.
>
>But DES has proven to be easy prey for modern technology. It uses
>  keys of 56 bits, which were first broken nearly three years ago. In January
>  1999, cryptographers using a special DES-cracking machine, along with a
>  nationwide network of PCs, were able to crack DES in less than 24 hours.
>  The crackers used a "brute force" method of attack to solve the
>  mathematical factoring behind DES. In other words, they put a lot of
>  processing horsepower against the algorithm and were able to solve it -
>  something that has been feasible only in the last couple of years because of
>  improvements in chip technology.
>
>Enter the AES. NIST first requested proposals for the AES in
>  September 1997. Each of the candidate algorithms supports key sizes of
>  128, 192 and 256 bits. A 128-bit key cannot be broken using known
>  technology today. Each added bit essentially doubles the key strength.
>
>RSA Data Security Inc. CEO Jim Bidzos used the following analogy at
>  the company's conference in January: A 40-bit key is the water that fills a
>  spoon. A 56-bit key is the water that fills a small swimming pool. A
>  128-bit key would be all of the water on the planet.
>
>http://www.msnbc.com/news/298832.asp
>      ________________________________________________________________
>
>Rosen: SDMI is Your Friend
>by Arik Hesseldahl
>1:00 p.m.  10.Aug.99.PDT
>
>NEW YORK -- This week's Interactive Music Expo, with its gadgets galore and
>talking heads, is the latest sign that digital music has come of age.
>
>The RIAA's Hilary Rosen defended the Secure Digital Music Initiative,
>scoffing at the tech world's hoped-for world where musicians would give
>away their music for free over the Internet and support themselves by
>touring and selling T-shirts.
>
>Rosen delivered a keynote address to open the second day of the Interactive
>Music Xpo, which continues here through Thursday.
>
>But even in the digital age, "artists who invest their time and creativity
>should be able to determine the fate" of their works, Rosen said. Hence the
>creation of SDMI, a proposed standard for secure downloadable music.
>                   **********************************
>And while the number of MP3 music files continues to grow on the Internet,
>Rosen said her organization isn't interested in prosecuting people who
>download those files, but rather those who run large Web sites devoted to
>distributing illegal files.
>
>"We will find you," she said.
>
>http://www.wired.com/news/news/culture/story/21205.html
>Henry Schwan
>1550 Bryant St.  Suite 725
>San Francisco, CA  94103
>(415)436-9333  Ex. 104
>owlswan@eff.org