AES vs DES Encryption: Why AES has replaced DES, 3DES and TDEA (2024)

Every so often, we encounter someone still using antiquated DES for encryption. If your organization hasn’t switched to the Advanced Encryption Standard (AES), it’s time for an upgrade. To understand why, let’s compare AES and DES encryption.

Data Encryption Standard (DES)

What is DES encryption?

DES is a symmetric block cipher (shared secret key) with a key length of 56 bits. Published as the Federal Information Processing Standards (FIPS) 46 standard in 1977, DES was officially withdrawn in 2005.

The federal government originally developed DES encryption over 35 years ago to provide cryptographic security for all government communications. The idea was to ensure government systems all used the same, secure standard to facilitate interconnectivity.

Why DES is no longer effective

To show that DES was inadequate and should no longer be used in important systems, a series of challenges was sponsored to see how long it would take to decrypt a message. Two organizations played key roles in breaking DES: distributed.net and the Electronic Frontier Foundation (EFF).

  • The DES I contest (1997) took 84 days to break the encrypted message using a brute force attack.
  • In 1998, there were two DES II challenges issued. The first challenge took just over a month and the decrypted text was “The unknown message is: Many hands make light work”. The second challenge took less than three days, with the plaintext message “It’s time for those 128-, 192-, and 256-bit keys”.
  • The final DES III challenge in early 1999 took only 22 hours and 15 minutes. The Electronic Frontier Foundation’s Deep Crack computer (built for less than $250,000) and distributed.net’s computing network found the 56-bit DES key, deciphered the message, and won the contest. The decrypted message read “See you in Rome (Second AES Candidate Conference, March 22-23, 1999)”, and was found after checking about 30 percent of the key space, finally proving that DES belonged to the past.

Even Triple DES is not enough protection

Triple DES (3DES) – also known as Triple Data Encryption Algorithm (TDEA) – is a way of using DES encryption three times. But even Triple DES was proven ineffective against brute force attacks (in addition to slowing down the process substantially).

According to draft guidance published by NIST on July 19, 2018, TDEA/3DES is officially being retired. The guidelines propose that Triple DES be deprecated for all new applications and disallowed after 2023.

Advanced Encryption Standard (AES)

What is AES encryption?

AES was published as the FIPS 197 standard in 2001. It is a more mathematically efficient and elegant cryptographic algorithm, but its main strength rests in the option for various key lengths. AES allows you to choose a 128-bit, 192-bit or 256-bit key, making it exponentially stronger than the 56-bit key of DES.

In terms of structure, DES uses a Feistel network, which divides the block into two halves before going through the encryption steps. AES, on the other hand, uses permutation-substitution, which involves a series of substitution and permutation steps to create the encrypted block. The original DES designers made a great contribution to data security, but one could say that the aggregate effort of cryptographers for the AES algorithm has been far greater.
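The Feistel structure described above, as an added example that is not from the original article: a toy 64-bit Feistel cipher (not DES, and not secure) whose round function and key schedule are made-up HMAC-SHA-256 stand-ins. It shows that splitting the block into two halves lets decryption reuse the encryption rounds with the subkeys reversed, even though the round function itself cannot be inverted.

```python
import hashlib
import hmac

BLOCK_BYTES = 8          # 64-bit block, the same block size as DES
HALF = BLOCK_BYTES // 2
ROUNDS = 16              # DES also runs 16 Feistel rounds


def subkeys(key: bytes, rounds: int = ROUNDS) -> list[bytes]:
    """Toy key schedule (assumption): one HMAC-derived subkey per round."""
    return [hmac.new(key, bytes([i]), hashlib.sha256).digest() for i in range(rounds)]


def round_function(half: bytes, subkey: bytes) -> bytes:
    """Toy round function F: a truncated HMAC, deliberately not invertible."""
    return hmac.new(subkey, half, hashlib.sha256).digest()[:HALF]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel(block: bytes, round_keys: list[bytes]) -> bytes:
    """Run the Feistel rounds over one block with the given subkey order."""
    if len(block) != BLOCK_BYTES:
        raise ValueError("block must be exactly 8 bytes")
    left, right = block[:HALF], block[HALF:]
    for k in round_keys:
        # (L, R) -> (R, L xor F(R, k)): only the XOR is ever undone, never F.
        left, right = right, xor(left, round_function(right, k))
    # Final swap makes the structure its own inverse under reversed subkeys.
    return right + left


def encrypt_block(block: bytes, key: bytes) -> bytes:
    return feistel(block, subkeys(key))


def decrypt_block(block: bytes, key: bytes) -> bytes:
    # Same code path as encryption; only the subkey order is reversed.
    return feistel(block, subkeys(key)[::-1])


if __name__ == "__main__":
    key = b"constructed-demo-key"      # constructed sample key
    plaintext = b"8bytes!!"            # constructed 64-bit sample block
    ciphertext = encrypt_block(plaintext, key)
    print(ciphertext.hex(), decrypt_block(ciphertext, key))
```

A substitution-permutation design such as AES does not get this for free: each of its layers has to be invertible, and decryption applies the inverse layers.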


Why AES replaced DES encryption

One of the original requirements from the National Institute of Standards and Technology (NIST) for the DES replacement algorithm was that it had to be efficient both in software and hardware implementations. (DES was originally practical only in hardware implementations.) Java and C reference implementations were used to do performance analysis of the algorithms. AES was chosen through an open competition with 15 candidates from as many research teams around the world, and the total amount of resources allocated to that process was tremendous.

Finally, in October 2000, a NIST press release announced the selection of Rijndael as the proposed Advanced Encryption Standard (AES).

What are the differences between DES vs AES encryption?

|             | DES                    | AES                    |
| Developed   | 1977                   | 2000                   |
| Key Length  | 56 bits                | 128, 192, or 256 bits  |
| Cipher Type | Symmetric block cipher | Symmetric block cipher |
| Block Size  | 64 bits                | 128 bits               |
| Security    | Proven inadequate      | Considered secure      |


So the question remains for anyone still using DES encryption… How can Precisely help you make the switch from DES to AES? Check out Assure Security to get started.

For more information on encryption, see our eBook: IBM i Encryption 101

Data Encryption Standard (DES)

What is DES encryption? DES, or Data Encryption Standard, is a symmetric block cipher with a key length of 56 bits. It was published as the Federal Information Processing Standards (FIPS) 46 standard in 1977 and officially withdrawn in 2005.

Why DES is no longer effective: DES was deemed inadequate due to the rise of computational power. Notably, challenges sponsored by distributed.net and the Electronic Frontier Foundation (EFF) demonstrated the vulnerability of DES through successful brute force attacks. The DES III challenge in 1999, where a message was decrypted in just 22 hours and 15 minutes, proved that DES was no longer secure.

Even Triple DES is not enough protection: Triple DES (3DES), an attempt to enhance DES security by applying it three times, was also proven ineffective against brute force attacks. Draft guidance from NIST in 2018 officially retired 3DES, proposing its deprecation for all new applications and disallowance after 2023.

Advanced Encryption Standard (AES)

What is AES encryption? AES, or Advanced Encryption Standard, is a symmetric block cipher published as a FIPS 197 standard in 2001. It offers a more mathematically efficient algorithm with the flexibility to choose key lengths of 128, 192, or 256 bits.

Why AES replaced DES encryption: The National Institute of Standards and Technology (NIST) sought a DES replacement that was efficient in both software and hardware implementations. After an open competition involving 15 candidates worldwide, AES, specifically the Rijndael algorithm, was selected in October 2000.

Differences between DES and AES encryption:

  • Development Years:
    • DES: 1977
    • AES: 2000
  • Key Length:
    • DES: 56 bits
    • AES: 128, 192, or 256 bits
  • Cipher Type:
    • Both are symmetric block ciphers.
  • Block Size:
    • DES: 64 bits
    • AES: 128 bits
  • Security:
    • DES: Proven inadequate
    • AES: Considered secure

In conclusion, the evidence and historical context presented clearly highlight the vulnerabilities of DES and the subsequent need for transitioning to the more secure and efficient AES encryption. Organizations still utilizing DES are encouraged to make the switch to AES to ensure robust data security.


Author: Lidia Grady
