The National Institute of Standards and Technology picked an encryption algorithm developed by two Belgians as the new government advanced encryption standard that replaces a standard developed 23 years ago.
After conducting a three-year international competition, NIST chose the "Rijndael" algorithm, which provides up to 256-bit encryption capabilities, far above the current data encryption standard of 56-bit. The algorithm will be published in the Federal Register for a comment period of up to 90 days, before it becomes the official government standard.
"We are very pleased the U.S. government has finally upgraded its encryption standard," said Bruce Heiman, executive director of Americans for Computer Privacy. "Encryption is an essential component to information security."
The standard is not required to be used by any government agency or the private sector, but NIST expects many government agencies and the banking industry to quickly adopt the standard. The two Belgian writers of the algorithm also have made no request for royalties or a patent and are making it free for the world to use.
Kawika Daguio, CEO of Oscrypto Fintegrity Solutions, a securities and banking security firm, said the beauty of a no-cost algorithm is that it can be incorporated into strong encryption software products for free.
Daguio also said it was important that NIST chose an algorithm developed by two non-U.S. citizens to ensure the perception that NIST's encryption standard wasn't one that had been developed by the National Security Administration, and hence breakable by U.S. government surveillance agencies.
"One of the nice things about picking an algorithm developed by a non-U.S. team is there isn't fear that the NSA played a role in the algorithm's development," he said.
The U.S. government's choice of a foreign algorithm also signals further thawing of resistance to encryption export controls, said NIST Director Ray Kammer. The U.S. government resisted until late 1999, making any changes in its strict encryption export regulations and is planning in days to make more changes to its rules to relax encryption exports.
"The choice of a foreign-developed encryption algorithm is proof, if we still needed proof, that excellent encryption technology is widely available around the world and unilateral export controls are simply counterproductive," Heiman said.
NEXT STORY: New fiscal year brings new benefits