Computer Security Resource Center

Encryption

Currently, there exist four (4) FIPS-approved* encryption algorithms: AES, Triple DES, DES, and Skipjack.

AES

FIPS 197, Advanced Encryption Standard (AES), November 2001.

NIST is pleased to announce the approval of FIPS 197, Advanced Encryption Standard, which specifies the Rijndael encryption algorithm as a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.

Federal agencies should also see OMB guidance.

Complete information on the AES development effort is available at the AES home page.

Triple DES

FIPS 46-3, Data Encryption Standard (DES), October 1999.

FIPS 46-3 states that Triple DES is a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.

ANSI X9.52-1998, Triple Data Encryption Algorithm Modes of Operation, 1998 (available from the ANSI X9 catalog).

ANSI X9.52 contains the complete specification for Triple DES and its seven modes of operation.

ANSI X9.65-DRAFT, Triple Data Encryption Algorithm (TDEA), Implementation Guide (will be available from the ANSI X9 catalog).

Draft ANSI X9.65 contains information on the various Triple DES modes, including characteristics, implementation issues, and an outline of key management methods for Triple DES keys.

DES

FIPS 46-3, Data Encryption Standard (DES), October 1999.

FIPS 46-3 includes specifications for DES, and states that DES is permitted in legacy systems only (i.e., not allowed in new acquisitions).

FIPS 81, DES Modes of Operation, December 1980.

FIPS 81 specifies four (4) modes of operation for DES (ECB, CBC, CFB, OFB). Also see Modes of Operation.

Skipjack

The declassified Skipjack algorithm was originally referenced in FIPS 185, Escrowed Encryption Standard (EES), February 1994.

NIST is providing a clarification regarding byte ordering to the specification for Skipjack.

FIPS 81, DES Modes of Operation, December 1980.

Skipjack may use any of the four (4) DES modes of operation (ECB, CBC, CFB, OFB) specified in FIPS 81. Also see Modes of Operation.

Testing / Products

Testing requirements and validation lists are available for AES, Triple DES, DES, and Skipjack implementations.

Additional Information

Details on the security of DES and the migration from DES to Triple DES are discussed in FIPS 46-3. NIST has developed guidance on the continued use of DES.

Future Plans

Modes of Operation for the FIPS-approved encryption algorithms are available on the Modes of Operation page.

A draft of the AES Key Wrap specification is available on the Key Management page.


* NIST cryptographic standards are specified in Federal Information Processing Standards (FIPS) Publications. The term "FIPS-approved" indicates something (e.g., a cryptographic algorithm) that is either a) specified in a FIPS or b) adopted in a FIPS and specified either in an appendix to the FIPS or in a document referenced by the FIPS.