11.3. ENCRYPTION

Within the computing world, encryption algorithms can be classified into two categories: symmetric or asymmetric. Symmetric algorithms use the same key for encrypting and decrypting messages. Perhaps the best-known and extensively implemented symmetric algorithm is the Data Encryption Algorithm (DEA), which was adopted as a Federal Information Processing Standard (FIPS) for sensitive but unclassified information by the U.S. government in 1977. This standard is known as the Data Encryption Standard (DES). DES was developed by IBM under contract with the National Institute of Standards and Technology (NIST), which was formerly known as the National Bureau of Standards. DES utilizes a 56-bit key length. The use of DES by government agencies has led to its general acceptance for commercial encryption. For example, DES is currently deployed by many financial institutions and automated teller machine (ATM) switching services to help ensure secure ATM transactions. In addition, Fedwire, the United States Federal Reserve Bank's wire transfer system, uses DES for transactions among financial institutions.

Advances in technology have eroded the future strength and effectiveness of DES. On June 17, 1997, the DES encryption algorithm was broken by Rocke Verser, a Loveland, Colorado, programmer. He stated, "We have demonstrated that DES can be cracked, and it's not difficult to do it. It means that we need to take a very serious look at how data is encrypted and stored and ...
