Triple DES Dare You | ATM Marketplace News

by Ann All, editor • 13 October 2003

First there was Y2K, the millennium bug that, despite all of the hype, was resolved with surprisingly little fuss in the ATM world.

Then came the federal government’s proposed changes to the ADA (Americans with Disabilities Act), a more vexing concern that will require the ATM industry to make its machines more accessible for all users, chiefly by adding the ability to make them talk.

Although the Department of Justice has yet to sign off with its final guidelines for ATM accessibility, the industry seems well on its way to resolving the ADA issue.

The latest acronym to inspire industry-wide angst is DES: Data Encryption Standard, or more accurately, Triple DES.

What DES is

Developed by an IBM team in the mid-1970s, adopted by the National Institute of Standards and Technology (NIST) in early 1977 and approved by an American National Standards Institute committee (ANSI X3.92) in 1981, DES is an encryption algorithm used to protect sensitive data, such as PINs.

With DES, a binary number called a key is used to encrypt and decrypt data. The DES algorithm uses a 56-bit key length; Triple DES specifies three rounds of encryption, effectively increasing the key length to 168 bits.

Colette Broadway, technical project manager for Thales e-Security, a provider of Host Security Modules (HSMs), the devices where PIN encryption and decryption occur at the host, said that there are 2^56, or 72 thousand-million-million, values for any single DES key.

While that sounds like a lot, Broadway said, advances in computing power have made it possible, at least in theory, to crack DES using a “brute force” attack in which a computer tries every single value until the correct one is found.

Although there have been no cases of fraud linked to a breach of DES, a group called the Electronic Frontier Foundation won a “DES cracking” contest in 1998 by breaking a DES key in less than three days using a specially developed computer. Developed for less than $250,000, the DES Cracker computer was powered by a chip capable of processing 88 billion keys per second.
