U.S. Adopts New Encryption StandardU.S. Adopts New Encryption Standard

The U.S. government will upgrade its data-encryption standard for the first time in more than 20 years. Commerce Secretary Dan Evans said in a statement that the change would help the nation protect critical information infrastructure and ensure privacy for personal information.

The new Advanced Encryption Standard, which was selected after a four-year study, supports key sizes of 128, 192, and 256 bits. In contrast, the Data Encryption Standard, which was adopted in 1977, used 56-bit keys and can be cracked by specialized computers in only a few hours.

A determined adversary can break DES simply through a brute-force attack of trying key after key, says Alan Sherman, a computer science professor at the University of Maryland Baltimore County. But AES is much stronger, he says, and invulnerable to such attacks. According to the National Institutes of Standards and Technology, if someone built a theoretical machine fast enough to crack DES in one second, it would still take the same machine 149 trillion years to break a 128-bit AES key.

Sherman says the adoption of a new standard is a boon to businesses, which can now rely on the system for their own data without having to do expensive research and testing themselves. They'll also save money when developing products. "A company can't build a product and interact with others if there are multiple standards," he explains. "Each company would have to have multiple versions. This is very helpful for the industry at large."