.
In comparison, DES keys are 56 bits long, which means there are approximately 7.2 x 1016 possible DES keys. Thus, there are on the order of 1021 times more AES
In the late 1990s, specialized "DES Cracker" machines were built that could recover a DES key after a few hours. In other words, by trying possible key values, the hardware could determine which key was used to encrypt a message. Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149
Table 3. Methods of Encryption and Their Associated Keys4
| Encryption |
|
| Bits in |
|
| Number of Possible Keys |
|
|
|
|
|
|
| |||
|
|
|
| Key |
|
|
|
|
| DES | 56 |
| 256 = 72,057,594,037,927,900 |
| |||
|
|
|
|
|
| |||
| AES | 128 |
| 2128 = 340,282,366,920,938,000,000,000,000,000,000,000,000 |
| |||
|
|
|
|
|
|
|
|
|
According to NIST, the Rijndael algorithm was chosen for the following reasons:
“When considered together, Rijndael's combination of security, performance, efficiency, ease of implementation and flexibility make it an appropriate selection for the AES.
Specifically, Rijndael appears to be consistently a very good performer in both hardware and software across a wide range of computing environments regardless of its use in feedback or
Additionally, it appears that some defense can be provided against such attacks without significantly impacting Rijndael's performance. Rijndael is designed with some flexibility in terms of block and key sizes, and the algorithm can accommodate alterations in the number of rounds, although these features would require further study and are not being considered at this time. Finally, Rijndael's
3Advanced Encryption Standard Fact Sheet, Computer Security Division, National Institute of Standards & Technology, January 19, 2001.
4Security Complete, Adapted from Active Defense, by Chris Brenton with Cameron Hunt.
7
