Network World
Thursday, December 4, 2008

Next obstacle for AES: inertia


E-mail Ellen Messmer



It's been two years now since the National Institute of Standards and Technology officially crowned the Advanced Encryption Standard (AES) as the symmetric-algorithm replacement for the decades-old 56-bit Digital Encryption Standard (DES). So why is customer demand for AES not particularly high?

The lack of demand for 128-bit AES has nothing to do with the intrinsic merits of the AES algorithm itself. It has more to do with the difficulty something new often has in finding its way into any technical infrastructure when something old is still there and running.

"There was the assumption that once it was accepted as a standard, then things would happen overnight but that's not how it's turned out," notes Gary Lefkowitz, director of marketing for Hewlett-Packard's Atalla Security Products division.

HP Atalla, whose product line includes encryption modules for ATM machines, point-of-sale (POS) equipment and electronic funds transfer applications, has a long-time customer base in the banking industry and government. Since AES was approved as a standard, HP Atalla has regularly included AES as one of several encryption options in its offerings.

The AES algorithm was invented by Belgian cryptographers Joan Daemen and Vincent Rijmen, who called it "Rijndael," and their creation was selected by NIST after a lengthy evaluation against half a dozen other possibilities. But according to Lefkowitz, demand for AES is practically nil since alternatives like Triple-DES - a much stronger use of DES - remain widely embedded in encryption-based equipment and applications.

"A lot of the ATM self-service machines and POS devices are still using Triple-DES and DES," says Lefkowitz, adding he's heard virtually no demand that AES replace the older encryption.

However, HP is making AES the fundamental encryption technology for an upcoming product called the Trusted PrintMail Center, expected to ship in July. Trusted PrintMail Center provides a way for banks and other enterprises to securely transmit personal identification numbers and passwords - or even crypto-key components - to intended recipients. The system encrypts the confidential information using AES, and it is decrypted only at the local or remote HP LaserJet Printer with an attached Network Security Processor.

At that point, the HP LaserJet Print-to-Mail equipment can be set up to automatically fold and seal the PIN mailer for distribution by regular snail mail, if the goal is to mail the PIN and password securely to the customer, a common practice among banks and brokerage houses.

So AES is finding its way into business use. Know of places where demand for AES is taking off? Let me know, at emessmer@nww.com.
