56-bit encryption explained

In computing, 56-bit encryption refers to a key size of fifty-six bits, or seven bytes, for symmetric encryption. While stronger than 40-bit encryption, this still represents a relatively low level of security in the context of a brute force attack.

Description

The US government traditionally regulated encryption for reasons of national security, law enforcement and foreign policy. Encryption was regulated from 1976 by the Arms Export Control Act until control was transferred to the Department of Commerce in 1996.

56-bit refers to the size of a symmetric key used to encrypt data, with the number of unique possible permutations being

256

(72,057,594,037,927,936). 56-bit encryption has its roots in DES, which was the official standard of the US National Bureau of Standards from 1976, and later also the RC5 algorithm. US government regulations required any users of stronger 56-bit symmetric keys to submit to key recovery through algorithms like CDMF or key escrow,[1] effectively reducing the key strength to 40-bit, and thereby allowing organisations such as the NSA to brute-force this encryption. Furthermore, from 1996 software products exported from the United States were not permitted to use stronger than 56-bit encryption, requiring different software editions for the US and export markets.[2] In 1999, US allowed 56-bit encryption to be exported without key escrow or any other key recovery requirements.

The advent of commerce on the Internet and faster computers raised concerns about the security of electronic transactions initially with 40-bit, and subsequently also with 56-bit encryption. In February 1997, RSA Data Security ran a brute force competition with a $10,000 prize to demonstrate the weakness of 56-bit encryption; the contest was won four months later.[3] In July 1998, a successful brute-force attack was demonstrated against 56-bit encryption with Deep Crack in just 56 hours.[4]

In 2000, all restrictions on key length were lifted, except for exports to embargoed countries.[5]

56-bit DES encryption is now obsolete, having been replaced as a standard in 2002 by the 128-bit (and stronger) Advanced Encryption Standard. DES continues to be used as a symmetric cipher in combination with Kerberos because older products do not support newer ciphers like AES.[6]

See also

Notes and References

  1. Hackers Prove 56-bit DES is not Enough. 77. InfoWorld. June 30, 1997. Radosevich. Lynda.
  2. Web site: Microsoft Strong Encryption Downloads. Microsoft. 2011. 8 September 2011.
  3. News: Michael Kanellos. Group Cracks 56-bit Encryption. CNET. 18 June 1997. 19 January 2012.
  4. Book: Congressional Record. 25124. 144. 17. United States Senate. October 7–9, 1998. 9780160680830.
  5. Encryption Export Controls . 11 January 2001. Jeanne J. . Grimmett. The Library of Congress. RL30273 . https://web.archive.org/web/20220307201517/https://irp.fas.org/crs/RL30273.pdf . 7 March 2022 . live .
  6. Web site: Microsoft security advisory: Update to harden use of DES encryption: July 14, 2015.

This article is licensed under the GNU Free Documentation License. It uses material from the Wikipedia article "56-bit encryption".

Except where otherwise indicated, Everything.Explained.Today is © Copyright 2009-2025, A B Cryer, All Rights Reserved. Cookie policy.