CISSP Study Guide: Advanced Encryption Standard (Rinjndael)

Because of its small key size of 56 bits, DES can no longer defend against coordinated brute-force attacks using modern cryptanalysis. The National Institute of Standards and Technology (NIST) has appointed the Advanced Encryption Standard to be the authorized Federal Information Processing Standard for all non-confidential communications by the U.S. government. NIST is also seeing applications in the private sector.

Rijndael was chosen by NIST from a group that included four other finalists: MARS, RC6, Serpent, and Twofish. NIST has successful defense against side-channel attacks such as power and timing-based attacks. These forms of attacks monitor the time it takes to encrypt a message or the slight changes in power usage during the encryption and decryption processes. These attacks are sophisticated enough that hackers can obtain keys used by the device.

Rijndael uses iterative rounds like the International Data Encryption Algorithm. A hashing algorithm is used to secure data integrity. A hash is a one-way mathematical function (OWF) that creates a fixed-sized value. Common hash algorithms currently in use:

• MD4: Produces a 128 bit message digest very fast, appropriate for medium security usage.
• MD5: Produces a 128 bit message digest, fast more secure than MD4, and widely used.
• SHA-1: Produces a 160 bit message digest, standard for the U.S. government, but slower than MD5.