<?xmlversion="1.0" encoding="UTF-8"?> <?xml-stylesheet type="text/xsl" href="rfc2629.xslt" ?> <!-- generated by https://github.com/cabo/kramdown-rfc2629 version 1.4.2 -->version='1.0' encoding='utf-8'?> <!DOCTYPE rfc SYSTEM"rfc2629.dtd" [ <!ENTITY RFC2119 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"> <!ENTITY RFC8174 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"> <!ENTITY RFC8018 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.8018.xml"> <!ENTITY RFC4211 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4211.xml"> <!ENTITY I-D.ietf-lamps-cms-aes-gmac-alg SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml3/reference.I-D.ietf-lamps-cms-aes-gmac-alg.xml"> <!ENTITY RFC4231 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.4231.xml"> <!ENTITY RFC6194 SYSTEM "https://xml2rfc.tools.ietf.org/public/rfc/bibxml/reference.RFC.6194.xml"> ]> <?rfc toc="yes"?> <?rfc sortrefs="yes"?> <?rfc symrefs="yes"?>"rfc2629-xhtml.ent"> <rfc xmlns:xi="http://www.w3.org/2001/XInclude" ipr="pre5378Trust200902" docName="draft-ietf-lamps-crmf-update-algs-07" category="std" consensus="true"updates="4211">updates="4211" obsoletes="" submissionType="IETF" xml:lang="en" tocInclude="true" sortRefs="true" symRefs="true" version="3" number="9045"> <front> <title abbrev="CRMF Algorithm Requirements Update">Algorithm Requirements Update to the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF)</title> <seriesInfo name="RFC" value="9045"/> <author initials="R." surname="Housley" fullname="Russ Housley"> <organization abbrev="Vigil Security">Vigil Security, LLC</organization> <address> <postal> <street>516 Dranesville Road</street><city>Herndon, VA</city><city>Herndon</city> <region>VA</region> <code>20170</code><country>US</country><country>United States of America</country> </postal> <email>housley@vigilsec.com</email> </address> </author> <date year="2021"month="April" day="08"/>month="June"/> <area>Security</area><keyword>Internet-Draft</keyword><keyword>Authentication</keyword> <keyword>Message Authentication Code</keyword> <keyword>Password-Based Message Authentication Code</keyword> <abstract> <t>This document updates the cryptographic algorithm requirements for the Password-Based Message Authentication Code in the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) specified in RFC 4211.</t> </abstract> </front> <middle> <sectionanchor="intro"><name>Introduction</name>anchor="intro" numbered="true" toc="default"> <name>Introduction</name> <t>This document updates the cryptographic algorithm requirements for the Password-Based Message Authentication Code (MAC) in the Internet X.509 Public Key Infrastructure Certificate Request Message Format (CRMF) <xreftarget="RFC4211"/>.target="RFC4211" format="default"/>. The algorithms specified in <xreftarget="RFC4211"/>target="RFC4211" format="default"/> were appropriate in 2005; however, these algorithms are no longer considered the bestchoices:</t> <t><list style="symbols"> <t>HMAC-SHA1choices: </t> <ul spacing="normal"> <li>HMAC-SHA1 <xref target="HMAC" format="default"/> <xreftarget="HMAC"/><xref target="SHS"/>target="SHS" format="default"/> is not broken yet, but there are much stronger alternatives <xreftarget="RFC6194"/>.</t> <t>DES-MACtarget="RFC6194" format="default"/>.</li> <li>DES-MAC <xreftarget="PKCS11"/>target="PKCS11" format="default"/> provides 56 bits of security, which is no longer considered secure <xreftarget="WITHDRAW"/>.</t> <t>Triple-DES-MACtarget="WITHDRAW" format="default"/>.</li> <li>Triple-DES-MAC <xreftarget="PKCS11"/>target="PKCS11" format="default"/> provides 112 bits of security, which is now deprecated <xreftarget="TRANSIT"/>.</t> </list></t>target="TRANSIT" format="default"/>.</li> </ul> <t>This update specifies algorithms that are more appropriate today.</t> <t>CRMF is defined using Abstract Syntax Notation One (ASN.1) <xreftarget="X680"/>.</t>target="X680" format="default"/>.</t> </section> <sectionanchor="terms"><name>Terminology</name> <t>Theanchor="terms" numbered="true" toc="default"> <name>Terminology</name> <t> The key words"MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY","<bcp14>MUST</bcp14>", "<bcp14>MUST NOT</bcp14>", "<bcp14>REQUIRED</bcp14>", "<bcp14>SHALL</bcp14>", "<bcp14>SHALL NOT</bcp14>", "<bcp14>SHOULD</bcp14>", "<bcp14>SHOULD NOT</bcp14>", "<bcp14>RECOMMENDED</bcp14>", "<bcp14>NOT RECOMMENDED</bcp14>", "<bcp14>MAY</bcp14>", and"OPTIONAL""<bcp14>OPTIONAL</bcp14>" in this document are to be interpreted as described inBCP 14BCP 14 <xref target="RFC2119"/> <xref target="RFC8174"/> when, and only when, they appear in all capitals, as shownhere.</t>here. </t> </section> <sectionanchor="signature-key-pop"><name>Signatureanchor="signature-key-pop" numbered="true" toc="default"> <name>Signature Key POP</name><t>Section 4.1 of <xref target="RFC4211"/><t><xref target="RFC4211" sectionFormat="of" section="4.1"/> specifies theProof-of-Possessionproof-of-possession (POP) processing. This section is updated to explicitly allow the use of the PBMAC1 algorithm presented inSection 7.1 of<xreftarget="RFC8018"/>.</t>target="RFC8018" sectionFormat="of" section="7.1"/>.</t> <t>OLD:</t><t><list style='empty'> <t>algId<blockquote> algId identifies the algorithm used to compute the MAC value. All implementationsMUST<bcp14>MUST</bcp14> support id-PasswordBasedMAC. The details on this algorithm are presented in section4.4</t> </list></t><xref target="RFC4211" sectionFormat="bare" section="4.4"/>. </blockquote> <t>NEW:</t><t><list style='empty'> <t>algId<blockquote> algId identifies the algorithm used to compute the MAC value. All implementationsMUST<bcp14>MUST</bcp14> support id-PasswordBasedMAC as presented inSection 4.4 of<xreftarget="RFC4211"></xref>.target="RFC4211" sectionFormat="of" section="4.4"/>. ImplementationsMAY<bcp14>MAY</bcp14> also support PBMAC1 as presented inSection 7.1 of<xreftarget="RFC8018"></xref>.</t> </list></t>target="RFC8018" sectionFormat="of" section="7.1"/>. </blockquote> </section> <sectionanchor="password-based-message-authentication-code"><name>Password-Basedanchor="password-based-message-authentication-code" numbered="true" toc="default"> <name>Password-Based Message Authentication Code</name><t>Section 4.4 of <xref target="RFC4211"/><t><xref target="RFC4211" sectionFormat="of" section="4.4"/> specifies a Password-Based MAC that relies on a one-way function to compute a symmetric key from the password and a MAC algorithm. This section specifies algorithm requirements for the one-way function and the MAC algorithm.</t> <sectionanchor="introduction-paragraph"><name>Introductionanchor="introduction-paragraph" numbered="true" toc="default"> <name>Introduction Paragraph</name> <t>Add guidance about limiting the use of thepassword.</t>password as follows:</t> <t>OLD:</t><t><list style='empty'> <t>This<blockquote> This MAC algorithm was designed to take a shared secret (a password) and use it to compute a check value over a piece of information. The assumption is that, without the password, the correct check value cannot be computed. The algorithm computes the one-way function multiple times in order to slow down any dictionary attacks against the passwordvalue.</t> </list></t>value. </blockquote> <t>NEW:</t><t><list style='empty'> <t>This<blockquote> This MAC algorithm was designed to take a shared secret (a password) and use it to compute a check value over a piece of information. The assumption is that, without the password, the correct check value cannot be computed. The algorithm computes the one-way function multiple times in order to slow down any dictionary attacks against the password value. The password used to compute this MACSHOULD NOT<bcp14>SHOULD NOT</bcp14> be used for any otherpurpose.</t> </list></t>purpose. </blockquote> </section> <sectionanchor="one-way-function"><name>One-Wayanchor="one-way-function" numbered="true" toc="default"> <name>One-Way Function</name> <t>Change the paragraph describing the "owf" as follows:</t> <t>OLD:</t><t><list style='empty'> <t>owf<blockquote> owf identifies the algorithm and associated parameters used to compute the key used in the MAC process. All implementationsMUST<bcp14>MUST</bcp14> supportSHA-1.</t> </list></t>SHA-1. </blockquote> <t>NEW:</t><t><list style='empty'> <t>owf<blockquote> owf identifies the algorithm and associated parameters used to compute the key used in the MAC process. All implementationsMUST<bcp14>MUST</bcp14> support SHA-256 <xreftarget="SHS"></xref>.</t> </list></t>target="SHS" format="default"/>. </blockquote> </section> <sectionanchor="iteration-count"><name>Iterationanchor="iteration-count" numbered="true" toc="default"> <name>Iteration Count</name> <t>Update the guidance on appropriate iteration countvalues.</t>values as follows:</t> <t>OLD:</t><t><list style='empty'> <t>iterationCount<blockquote> iterationCount identifies the number of times the hash is applied during the key computation process. The iterationCountMUST<bcp14>MUST</bcp14> be a minimum of 100. Many people suggest using values as high as 1000 iterations as the minimum value. The trade off here is between protection of the password from attacks and the time spent by the server processing all of the different iterations in deriving passwords. Hashing is generally considered a cheap operation but this may not be true with all hash functions in thefuture.</t> </list></t>future. </blockquote> <t>NEW:</t><t><list style='empty'> <t>iterationCount<blockquote> iterationCount identifies the number of times the hash is applied during the key computation process. The iterationCountMUST<bcp14>MUST</bcp14> be a minimum of 100; however, the iterationCountSHOULD<bcp14>SHOULD</bcp14> be as large as server performance will allow, typically at least 10,000 <xreftarget="DIGALM"/>.target="DIGALM" format="default"/>. There is atrade offtrade-off between protection of the password from attacks and the time spent by the server processing the iterations. As part of thattradeoff,trade-off, an iteration count smaller than 10,000 can be used when automated generation produces shared secrets with highentropy.</t> </list></t>entropy. </blockquote> </section> <sectionanchor="mac-algorithm"><name>MACanchor="mac-algorithm" numbered="true" toc="default"> <name>MAC Algorithm</name> <t>Change the paragraph describing the "mac" as follows:</t> <t>OLD:</t><t><list style='empty'> <t>mac<blockquote> mac identifies the algorithm and associated parameters of the MAC function to be used. All implementationsMUST<bcp14>MUST</bcp14> support HMAC-SHA1[HMAC].<xref target="HMAC"/>. All implementationsSHOULD<bcp14>SHOULD</bcp14> support DES-MAC andTriple- DES-MAC [PKCS11].</t> </list></t>Triple-DES-MAC <xref target="PKCS11"/>. </blockquote> <t>NEW:</t><t><list style='empty'> <t>mac<blockquote> mac identifies the algorithm and associated parameters of the MAC function to be used. All implementationsMUST<bcp14>MUST</bcp14> support HMAC-SHA256[HMAC].<xref target="HMAC"/>. All implementationsSHOULD<bcp14>SHOULD</bcp14> support AES-GMAC[AES][GMAC]<xref target="AES"/> <xref target="GMAC"/> with a 128-bitkey.</t> </list></t>key. </blockquote> <t>For convenience, the identifiers for these two algorithms are repeated here.</t> <t>The ASN.1 algorithm identifier for HMAC-SHA256 is defined in <xreftarget="RFC4231"/>:</t> <figure><artwork><![CDATA[target="RFC4231" format="default"/>:</t> <sourcecode name="" type="asn.1"><![CDATA[ id-hmacWithSHA256 OBJECT IDENTIFIER ::= { iso(1) member-body(2) us(840) rsadsi(113549) digestAlgorithm(2) 9 }]]></artwork></figure>]]></sourcecode> <t>When this object identifier is used in the ASN.1 algorithm identifier, the parametersSHOULD<bcp14>SHOULD</bcp14> be present. When present, the parametersMUST<bcp14>MUST</bcp14> contain a type of NULL as specified in <xreftarget="RFC4231"/>.</t>target="RFC4231" format="default"/>.</t> <t>The ASN.1 algorithm identifier for AES-GMAC <xreftarget="AES"/><xref target="GMAC"/>target="AES" format="default"/> <xref target="GMAC" format="default"/> with a 128-bit key is defined in <xreftarget="I-D.ietf-lamps-cms-aes-gmac-alg"/>:</t> <figure><artwork><![CDATA[target="RFC9044" format="default"/>:</t> <sourcecode name="" type="asn.1"><![CDATA[ id-aes128-GMAC OBJECT IDENTIFIER ::= { joint-iso-itu-t(2) country(16) us(840) organization(1) gov(101) csor(3) nistAlgorithm(4) aes(1) 9 }]]></artwork></figure>]]></sourcecode> <t>When this object identifier is used in the ASN.1 algorithm identifier, the parametersMUST<bcp14>MUST</bcp14> be present, and the parametersMUST<bcp14>MUST</bcp14> contain the GMACParameters structure as follows:</t><figure><artwork><![CDATA[<sourcecode name="" type="asn.1"><![CDATA[ GMACParameters ::= SEQUENCE { nonce OCTET STRING, length MACLength DEFAULT 12 } MACLength ::= INTEGER (12 | 13 | 14 | 15 | 16)]]></artwork></figure>]]></sourcecode> <t>The GMACParameters nonce parameter is the GMAC initialization vector. The nonce may have any number of bits between 8 and (2^64)-1, but itMUST<bcp14>MUST</bcp14> be a multiple of 8 bits. Within the scope of any GMAC key, the nonce valueMUST<bcp14>MUST</bcp14> be unique. A nonce value of 12 octets can be processed more efficiently, so that length for the nonce value isRECOMMENDED.</t><bcp14>RECOMMENDED</bcp14>.</t> <t>The GMACParameters length parameter field tells the size of the message authentication code in octets. GMAC supports lengths between 12 and 16 octets, inclusive. However, for use with CRMF, the maximum length of 16 octetsMUST<bcp14>MUST</bcp14> be used.</t> </section> </section> <sectionanchor="iana-considerations"><name>IANAanchor="iana-considerations" numbered="true" toc="default"> <name>IANA Considerations</name> <t>This documentmakeshas norequests of the IANA.</t>IANA actions.</t> </section> <sectionanchor="security-considerations"><name>Securityanchor="security-considerations" numbered="true" toc="default"> <name>Security Considerations</name> <t>The security of thepassword-basedPassword-Based MAC relies on the number of times the hash function is applied as well as the entropy of the shared secret (the password). Hardware support for hash calculation is available at very low cost <xreftarget="PHS"/>,target="PHS" format="default"/>, which reduces the protection provided by a high iterationCount value. Therefore, the entropy of the password is crucial for the security of thepassword-basedPassword-Based MAC function. In 2010, researchers showed that about half of the real-world passwords in a leaked corpus can be broken with less than 150 million trials, indicating a median entropy of only 27 bits <xreftarget="DMR"/>.target="DMR" format="default"/>. Higher entropy can be achieved by using randomly generated strings. For example, assuming an alphabet of 60characterscharacters, a randomly chosen password with 10 characters offers 59 bits of entropy, and 20 characters offers 118 bits of entropy. Using a one-time password also increases the security of the MAC, assuming that the integrity-protected transaction will complete before the attacker is able to learn the password with an offline attack.</t> <t>Please see <xreftarget="RFC8018"/>target="RFC8018" format="default"/> for security considerations related to PBMAC1.</t> <t>Please see <xreftarget="HMAC"/>target="HMAC" format="default"/> and <xreftarget="SHS"/>target="SHS" format="default"/> for security considerations related to HMAC-SHA256.</t> <t>Please see <xreftarget="AES"/>target="AES" format="default"/> and <xreftarget="GMAC"/>target="GMAC" format="default"/> for security considerations related to AES-GMAC.</t> <t>Cryptographic algorithms age; they become weaker with time. As new cryptanalysis techniques are developed and computing capabilities improve, the work required to break a particular cryptographic algorithm will reduce, making an attack on the algorithm more feasible for more attackers. While it is unknown howcryptoanalyticcryptanalytic attacks will evolve, it is certain that they will get better. It is unknown how much better they will become or when the advances will happen. For this reason, the algorithm requirements for CRMF are updated by this specification.</t> <t>When a Password-Based MAC is used, implementations must protect the password and the MAC key. Compromise of either the password or the MAC key may result in the ability of an attacker to undermine authentication.</t> </section><section anchor="acknowledgements"><name>Acknowledgements</name> <t>Many thanks to Hans Aschauer, Hendrik Brockhaus, Quynh Dang, Roman Danyliw, Lars Eggert, Tomas Gustavsson, Jonathan Hammell, Tim Hollebeek, Ben Kaduk, Erik Kline, Lijun Liao, Mike Ounsworth, Francesca Palombini, Tim Polk, Ines Robles, Mike StJohns, and Sean Turner for their careful review and improvements.</t> </section></middle> <back><references title='Normative References'> &RFC2119; &RFC8174; &RFC8018; &RFC4211; &I-D.ietf-lamps-cms-aes-gmac-alg;<references> <name>References</name> <references> <name>Normative References</name> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.2119.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8174.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.8018.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4211.xml"/> <reference anchor="RFC9044" target="https://www.rfc-editor.org/info/rfc9044"> <front> <title>Using the AES-GMAC Algorithm with the Cryptographic Message Syntax (CMS)</title> <author initials='R.' surname='Housley' fullname='Russ Housley'> <organization/> </author> <date month='May' year='2021'/> </front> <seriesInfo name="RFC" value="9044"/> <seriesInfo name="DOI" value="10.17487/RFC9044"/> </reference> <referenceanchor="AES" >anchor="AES"> <front> <title>Advancedencryption standardEncryption Standard (AES)</title><author ><author> <organization>National Institute of Standards and Technology</organization> </author> <date year="2001" month="November"/> </front> <seriesInfo name="FIPS PUB" value="197"/> <seriesInfo name="DOI"value="10.6028/nist.fips.197"/>value="10.6028/NIST.FIPS.197"/> </reference> <referenceanchor="GMAC" >anchor="GMAC"> <front> <title>Recommendation forblock cipher modes of operation: Galois CounterBlock Cipher Modes of Operation: Galois/Counter Mode (GCM) and GMAC</title> <author> <organization>National Institute of Standards and Technology</organization> </author>surname="Dworkin" initials="M."/> <dateyear="2007"/>year="2007" month="November"/> </front> <seriesInfo name="NIST Special Publication" value="800-38D"/> <seriesInfo name="DOI"value="10.6028/nist.sp.800-38d"/>value="10.6028/NIST.SP.800-38D"/> </reference> <referenceanchor="HMAC" >anchor='HMAC' target='https://www.rfc-editor.org/info/rfc2104'> <front> <title>HMAC: Keyed-Hashing for Message Authentication</title> <authorinitials="H." surname="Krawczyk"> <organization></organization> </author>initials='H.' surname='Krawczyk' fullname='H. Krawczyk'><organization /></author> <authorinitials="M." surname="Bellare"> <organization></organization> </author>initials='M.' surname='Bellare' fullname='M. Bellare'><organization /></author> <authorinitials="R." surname="Canetti"> <organization></organization> </author>initials='R.' surname='Canetti' fullname='R. Canetti'><organization /></author> <dateyear="1997" month="February"/>year='1997' month='February' /> </front> <seriesInfoname="RFC" value="2104"/>name='RFC' value='2104'/> <seriesInfoname="DOI" value="10.17487/RFC2104"/>name='DOI' value='10.17487/RFC2104'/> </reference> <referenceanchor="SHS" >anchor="SHS"> <front> <title>Secure HashStandard</title> <author >Standard (SHS)</title> <author> <organization>National Institute of Standards and Technology</organization> </author> <date year="2015"month="July"/>month="August"/> </front> <seriesInfo name="FIPS PUB" value="180-4"/> <seriesInfo name="DOI"value="10.6028/nist.fips.180-4"/>value="10.6028/NIST.FIPS.180-4"/> </reference> <referenceanchor="X680" >anchor="X680"> <front> <title>Information technology -- Abstract Syntax Notation One (ASN.1): Specification of basic notation</title><author ><author> <organization>ITU-T</organization> </author> <dateyear="2015"/>year="2015" month="August"/> </front> <seriesInfoname="Recommendation"name="ITU-T Recommendation" value="X.680"/> </reference> </references><references title='Informative References'><references> <name>Informative References</name> <referenceanchor="DMR" >anchor="DMR"> <front> <title>Password Strength: An Empirical Analysis</title> <author initials="M." surname="Dell'Amico"><organization></organization><organization/> </author> <author initials="P." surname="Michiardi"><organization></organization><organization/> </author> <author initials="Y." surname="Roudier"><organization></organization><organization/> </author> <date year="2010" month="March"/> </front> <seriesInfo name="DOI" value="10.1109/INFCOM.2010.5461951"/> </reference> <referenceanchor="DIGALM" >anchor="DIGALM"> <front> <title>Digitalidentity guidelines: authenticationIdentity Guidelines: Authentication andlifecycle management</title> <author >Lifecycle Management</title> <author> <organization>National Institute of Standards and Technology</organization> </author> <date year="2017" month="June"/> </front> <seriesInfo name="NIST Special Publication" value="800-63B"/> <seriesInfo name="DOI"value="10.6028/nist.sp.800-63b"/>value="10.6028/NIST.SP.800-63B"/> </reference>&RFC4231; &RFC6194;<xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.4231.xml"/> <xi:include href="https://xml2rfc.ietf.org/public/rfc/bibxml/reference.RFC.6194.xml"/> <referenceanchor="PHS" >anchor="PHS"> <front> <title>Energyefficient bitcoin miningEfficient Bitcoin Mining tomaximizeMaximize themining profit:Mining Profit: UsingdataData from 119bitcoin mining hardware setups</title>Bitcoin Mining Hardware Setups</title> <author initials="A." surname="Pathirana" fullname="Amila Pathirana"><organization></organization><organization/> </author> <author initials="M." surname="Halgamuge" fullname="Malka Halgamuge"><organization></organization><organization/> </author> <author initials="A." surname="Syed" fullname="Ali Syed"><organization></organization><organization/> </author> <date year="2019" month="November"/> </front><seriesInfo name="International<refcontent>International Conference on Advances in Business Management and InformationTechnology," value="pp 1-14"/>Technology, pp. 1-14</refcontent> </reference> <referenceanchor="PKCS11" >anchor="PKCS11"> <front><title>The Public-Key Cryptography Standards - PKCS<title>PKCS #11 v2.11: Cryptographic Token Interface Standard</title><author ><author> <organization>RSA Laboratories</organization> </author> <date year="2001"month="June"/>month="November"/> </front> </reference> <referenceanchor="TRANSIT" >anchor="TRANSIT"> <front> <title>Transitioning theuseUse ofcryptographic algorithmsCryptographic Algorithms andkey lengths</title> <author >Key Lengths</title> <author> <organization>National Institute of Standards and Technology</organization> </author> <date year="2019" month="March"/> </front> <seriesInfo name="NISTSP"Special Publication" value="800-131Ar2"/> <seriesInfo name="DOI" value="10.6028/NIST.SP.800-131Ar2"/> </reference> <reference anchor="WITHDRAW">target="https://www.nist.gov/news-events/news/2005/06/nist-withdraws-outdated-data-encryption-standard"> <front> <title>NIST Withdraws Outdated Data Encryption Standard</title><author ><author> <organization>National Institute of Standards and Technology</organization> </author> <date year="2005"month="June" day="02"/>month="June"/> </front> </reference> </references> </references> <section anchor="acknowledgements" numbered="false" toc="default"> <name>Acknowledgements</name> <t>Many thanks to <contact fullname="Hans Aschauer"/>, <contact fullname="Hendrik Brockhaus"/>, <contact fullname="Quynh Dang"/>, <contact fullname="Roman Danyliw"/>, <contact fullname="Lars Eggert"/>, <contact fullname="Tomas Gustavsson"/>, <contact fullname="Jonathan Hammell"/>, <contact fullname="Tim Hollebeek"/>, <contact fullname="Ben Kaduk"/>, <contact fullname="Erik Kline"/>, <contact fullname="Lijun Liao"/>, <contact fullname="Mike Ounsworth"/>, <contact fullname="Francesca Palombini"/>, <contact fullname="Tim Polk"/>, <contact fullname="Ines Robles"/>, <contact fullname="Mike StJohns"/>, and <contact fullname="Sean Turner"/> for their careful review and improvements.</t> </section> </back><!-- ##markdown-source: H4sIABwUb2AAA+1abXPbRpL+jl8xJVfdSVsEQ8iSLCl1V0dLtMVYbxHp9aZs 39UQGJIT4W0xABVG6/z2fbpnAII05XXuzrf5cKldiyRmevq9n+6B7/teqctY nYp+PMsKXc4Tcaf+WulCJSotjXibR7JUosxEOVdimJaqSFUp/tI97J2I22oS 61C8UUs8mRbSlEUVllWhxJkqSj3VIe0lesqU4koZI2dKvMqKRJZi9+zu6tWe JyeTQi1OBX37MhNelIWpTMBrVMhp6WtVTv1YJrnxwyKZ+hWv8mU8M37vhUdf TsV+bz/wewd+79gjZkB+eSpMGXl2tTkVB/tB4IVZalRqKnyHDMrTeXEq8kId Pn9xPC4qU+73eie9fU8WSp6KkQorsLn07tXyISui00Yx/jmx5nmmlGn0XzLO UvCQZl6uT8X7Mgs7wmRFWaipwadlQh8+ep6synlWnHrC9wT+0ynYuOuKi6wy sVryb1bwu8qYtZ+zYnYq/qxnOm6Y6ojLyzN+WKt2/Tk/gqWUKk/FYXAkwHKq zELHMWyVyYgXhFh5Ki4gVJSlHfHnvv01i1inwYue+16lJWn07Yi/q0Tq+FTM LYf/saCDjQq7YZZ4Xsp21wsFQcXdqzPo/cR9PA5eHNQfe8Gx+0iWoY9D/7zb NnZifKmMP0tkSNamJf3B6NTKXKtSNOq5xqFZKmMYycDZK7hkNhUjspAsIiPw V4xVOE+zOJtZ9biY2OlHC5mGKhIqDYtlTnSEcRvFLg7d2+H1ta/1Ah/OxApW hVZGp9Os5mXnejga74Doq+HtSAQnL3aeWHh+MzwVQa971Ns//i7VpuxOdW66 2IEFr6/6Z99A0n93ZO4UTIWgi5iSmGaFmMRZeA9/yOeqEAkcwBDRLFcFr6kZ eA1n10ackUdg4RUWit3XZ1d7fCqx3dLUDlT1pPyNoka34rjX858fR1+vKpN3 3R4suWiUtSEmP6C8pSL/Qpq5Tmcsa52i+tAtMg/lL4i4Rd2+++uC9aIr3hTy Ifx1eb99wVVXvFRxjPSx/Tmi/QxRWJbaa6kpODl54SPrbBceEQKfC3oHbWXs QBsIpuMX33GE9Q5IdaOLbxIdnFGUIAU2G9bjITikTPxV8XDc8w9+b0TQHiz5 y9Fx70n5huO3/nibD6Bi2YQEPy8bAYXvi/4E6VGGpRgt01L+Iq6z0i67SeHT /dF1N9irzxjlKrSFjhZAcxNpUBJTt2VDG09Zci3qTlFdIZGnawZtxjy/utsm 5IYj7cDTzuFp/9pPdJjtPLHotiuudDjXMJh+as1PXVSDKtKq2NmmvltpDNU+ WL5Q6ayc1wz1UzFIcl1AJzG+yHhptFnXQ8/vPX/KK4aDwUAMr1/dnN1c7XCm CHritshCpSKEqflHPhIEvZPvsB/bu7S3e3hwFJwcUlY+H77uX159w+x5jnpX goCOKHmUSzGr8DHWKK/1SXItszDNWE9VuAxRfROZIvsQ5lnXF5LA0Vcmy6Pn k9+dLLGnLrjPA1d7oTOuyLfbU8fKWSwwgbfFEj5RzjXQhFx3pX73syeb+69k fC+RSeKZTKqZWt8Pl9588tn5sUa0quizg5sfN0w1SFWBaFdTxK6GwsVEl2Gm U5HolKoBAG8if9GJ/lUx8nU/50U21WWthbeGfoOZpJgWWSIAaDbpzOE6D0j7 sEdZ5RtxcPIFtGARZe2SZ1k6VYizED6ZCgdLDKQULytD/mWgwtp52Kva6W3l tR1ylTwXwCmcbW/fnI0syNoaEnejvriUkwylPiMOt2lyDO3YRsCnRuCMcFI2 K2Q+X7aCpzYYHSieBYFY7CNUT0V7PfLmOLtXqUXTUwlhawKbKIvjYXzXvx4N x98goMdwVaNpN/sCJKwMbw7XuJV1u2JpoRsQMefCz+z8dL6j+BWjW7ILxWLw POgX+2Sad8Pxxfld/903EI/PfAfG0Ug9GHFTlcRqJM7JkwcrqLtd+6jpR4RK PB+1Urpa6XnjOeAfWrSKXdC1V6y7J5QminaPR/ALi726rvgvpQFL2xEZ4gHw Et7/ZFPq/U+aUmFsVcf5OvWQDblJ7FqJEx1FsfK8Zzi3yCLQJoYen2n6+umf oYddoNm97drw/jda9MdH14x9+tS18d5y/LaqRGuleEC+EjJHxswLTYdAleQ9 36M9fFALVXSIX7NGjBJlmgm0zTP0ENSUo34WoE2STcChF84zHVI59f5kYbw/ uugHOJg+f/r0+Aisi8NhAkAwMSk4nyxV2RGTqiQyxBT+n1ThnLpge5KMXbJd wFQsBNU/iMvHnA9GPqjjgU2XoA+pFppaocMjyvjcEpmmAX+AfeeWhy2yGAub Hx/rCK/PGRc6j5X/peOCYP/L5z2ISOWFCjmeHx9diuQT2DGtPzZWM23tl3PY nJWTbZiuzCK5BAke0pB7qymKTiQqLoBfg5fBC8F0ZuTZWBUojxZvPz6D6hPD gaM4hZLXGwDZtwA2HftXXN/w57vBj2+Hd4Nz+gy7X142H+wKD19u3l665/Rp tROA8GpwfW4341ex8dNV/yf8QcLzdm5ux8Ob6/7ljg2qdjyTeoANJuTOYByq JkVLUokJCz2xKePl2e2/pBOTfx8cWHeiWQfsyJ9p2EHxgTjm81DR46X7Cgdd kuaVLIiOjGMRypxApenQKQaxkwryYtLjSM/gtORMFN+3N7eeh56MVX/QDchH 2gG5sjlFEyB1NvXxv9vMGIQ9bdoFiT0vJ7BtyLIc7ZDeOKKN/0SkA/VLjtSC igKO4xie5+qkh3P5hJfw4qCV56AsAx3aVFEz+qLFKM1+2ENuLs8R4YwwsH0Y OUTdML+iWRnLDBqonCogPaXgWci4UuC/H8dERSeILDIgOybAEjmVqfI8K0oQ 9+tsy8kW+12ei1QpdYxo40aOPWF1NLnCmkim0f2B510P3v1zRSB3abNHNFbe cUBKf++c4yNOGW6S7/8EHk1WH0Hba4uaL5ryvbPkR3LRry9jbd89eNp3pdgk CVE5cxXotBTbSuIf5T/IpZhWqaXZ0q+kyWuiSnSonG8YupPS87qlpaCURNhr rLQZClsS6NY6XnPiNZwQ8drEK/JQ1TqguJWFZKjgef0o4k6SMD8AV4ZCFqMz KTewaVuE9RhiztfOEw82ZSGBWOcr5T1rBv2KLVFIbGJXNgT32JHTiA/T5bo+ w7kK762/imxB9VTkWoXMlV71ITaomJAxVZLXOYWshyIGvjJbo5tTOxY3ZQUq Wtk+hoiEMuUar2pOok10Uj8wbUs0PkE0kiouqegCGSe2n8KpEADiGUppEaVb mS5FpHmPLJDsylKG9zD8TKLLLG1maHmPjdu1DPD/Bvi/N4Blpfnx8yzrTLLC CURoouxKCl86NiPIKPKqyDPDNfcZQI3/DlK8qqXwzuYSGM/x4KK2xgN1jO5k D9MdypzTjGolAdhWgOLh0/WBs5ExWai58tIRyF6qMLVMbItW8aCkxo9cS0BS uqJuy8nWWkJU6nICSOUH6y78R2RxH+j7PQD/R5s+S3clYS8hPK++uwT9Jn1S Am73JM0evsqyrmPWs2ezhsluKiGtkgk8hPIvezD9NqeJOGGFHAjJzp8iQHXn CiS71YU9eSU3OezGaVzl4ZQ8OKOZUlIldFjQ62HDFblorjIKIFPNZtTDWUxu BSGHm+vZnP5iR29NHH5az7aIbDtuAOgjSh9TBpskzESVD0px0ILj0tXBjbpj i2kToK7UkWaoYtKYbcndrZ2FUKZaoU1CkTW9SE953lW22YWvIDXoBdYyF+5M 0lx9iQM+ZyrFjjhetnsuTpEyX11bUTvYYLoE4ewyGd3+ciZkbtiQdboytbNO K8Lc6+HxR3WS9W57c6PLfbTViFgWM/rQNo4quHhQ5DxoKISBPkgtcxrvE/IH FlESbhf0Os7BHh/toL2eFlj3kS2Xcq70uR+1zfqVrvS5H9X1YOU5lFIMZaXS ngOmmRnwQh3YZhZgBSQQj+oQcruTjepdUx+oXaOhXJZwxrNOV1sKGM7OSteq ubF+xfGoCOrlS85blPuaFx++spokMny6muDhfydVu9BzN7Vt5OyE/kJmbtJy M5IhGh/e09cPH5/Y6Lyv3lrPPXhuaUchRKT++cN7Ow758HE98v4I0qIQ/X55 +xDstZUMHz98/PD+Ne8mSjYDiWD/2J8A7CEbQOhXGc+RFirVdBPgIroWvWh6 DgDE8iHbmKt5hcoVK8FOD3AIT1x4PNPS2Ioek2tJ2B78rGZ9z9Ge8Vja++23 3zgTRv4cNqHxstt38/KHwdlYDM8H1+Phq+HgTpye/pt4BL1sN9gTiaLk6E+y aLm7v+cm3JXZPT7o7YnCyMjo3SB4fnhwsoe6QDWuiRasFyfiEx/tvaOQ5Hye TX4muNoSRZs1uPG00KxUr+UnqxTpel4Yl09yXztNpLoN7CAwUwlwioyMVMkw /Prt5SVPcLbMS0mHXe9rzNH4zOMjPtK88zXPPTcchl5M+sxc/+A1GjJjy4Z4 RMT4sKcM+HOm09KHGX1dVn65sp57L2g3ONprLJkVM5nqXzkWyOyzbLEb9PAh NFmx+7zeSheTK/se7AkwQsu/sZnrEtpYtS44T1mW9pNyblfPV7P1tczsdLqx mDQ4Gvz4dnB9NhCPtfAZVVr3383ZeDAWo/Hd8Pp1xy2w10tuAQhe2u/ng1f9 t5djmB9a8tYe0TnD6/HgNay2i+d/E8Fz+ueA/jmkf472rGLJ/TaYtPw0KrC9 ol0FHetSy9hZVCxgiqxwHabdR7BqLheKG6kVBOL5dQ0BjlnRu/v/eXSw5wd2 Sq/biKZpELHzmPdSAMKczsYmzGyA0SHMGHzfBqXlwrarNcEq1X+1U7X2YwZL +yILSyrTrs47RAF3onm411wVx0t6i8/CCGePetjTJgldtSbM3a36ddtXCoZv xvA7FcdW04bunx02StzsbOMVgtBdhVnmu9bR6iJTH7GC7xCTNB4cuQ0d7A1j NA0L0spFDRZJIpo0cF6hsb9VKd+JV4nnGCe11YQam3HxpPux/nWfLq4Zg9sS uHk7lsh7xbckhb2Aasoy7eUJt7vj2EJHNRcgm02IP2kGg81M8CkY7q1B/BYe pxh+UAR5rSUcYqvP2pjT2GziJjXcj9TX/q7Ykz75KMDmsIplc9pC6lhO4N/w Jmh+KZA1vDADon58vKW7rPp6B8cRrLSSroCzuxqKCA5LCy7XQb7XausKBT4c cNgQqIHdYCpEHkNoN27dUrT3hKJrDdIkOeV3fDqCUqks0HgV9uKC7/HoiolH mHMZT+urgkLJ2AfFOFp1deTTkpqLe+wLsyKvmsh013rsmzG9+0Ao3QsOe2h+ 4phhHNr7mH074jih7hJAI9Ig0BKcb172X9iUhL7l6o6blgtoURVevdCdKsO5 RnCwpm2TXSCSsgQkHPwnhyiphaMwJLSmfpGEATsez9uYCwgV53OJcCQGjtBV wJNkyOlAriiG88wQyKitwrIG7dXQ3ZQ2HZ40N4KOYVu89tdIu8VBcLy5uuve Y3FTc26wVpNwugFAgoCBjPO9zaiD9Tuikc82V4gGuh6b0TrfOStZn16rkNZv uZ2kDjdG4oN6yTEteOeOzxYbDowyQ7qRRbruphbwUOM4pRes3DbkjFvqR4lN 1b5UYl9uWA/XsgllifpSy15xbJKxl8us1vqG+SvptfDzJlEGcI6mQ3FfSbRG gXQj++QLKTP1vb1OnNDbhcjkFEmF1RsZ2TbFqUK2IRrSvaln34WkImmv4yO4 fIwSa29F7EiCDB3KXE50DAyAVhedDtKQSywwz319F8LsTuA99zSSRgOuKfkV 669CeK2pOHmFzXQdqg51yLBx6zS+Ws6FeQqdanIU0p69unYuxFBhrmMemBM2 TO9Tvj/NHhwHLHVJLLg5AzOgFllM0thdoSoc4rOuvbSLZooGRiWii3IerfTa 9PkFA/u8tcnZAow+WBgLZuuXuWgBylGeq9SlD0a5FHqZvRr+0l0TX81Tn1ff 0PJ4RDcNh0ULXYeft96iOfTc+axxTSqUIxfGol3q1i6zqEkVKNTkC4m2d1JK 8/x8LXJdUaHOm9oUQomoFIB5NWy3frW0oG6VD+BJVRrxqwObIIigQj8k5ccq si/BASPwdJRKA+yKzd4Fsg98HlmxAsTxLlQaFfpevATOu8dvpuP9WC1ToGmZ zjreXZbgdHxexvqh411KpM/BbAZn6HhjPDPiNdQiF4as4/2QpZJnRRcySQAb sEYngFNxrCZK3Xe8l9D6GxlV+DigU99Q1gJZ/XOViksts453pe+VuKlSUlM5 73ivCnaMkIwVZ8kEiNuSvc1ikBmmcJq7DJ5v3N5R+UM2T419i2GkwM24KlCZ PFfINQIPLjKtKMYWWj2w/VzwstLcO04TaNz7O3sfMqMdNAAA --></rfc>