Does Available Encryption Make Transactions Safe?
The Data Encryption Standard (DES), based on research at IBM's Thomas J. Watson Research Laboratory in the 1970s, was promulgated in 1977. DES uses a 56-bit key. In 1997 DES was publicly broken by a group of users, to show DES could be overpowered.
Educom Review September/October 1998, p. 8, citing The New York Times 17 July 1998, describes the successful cracking:
As Schneier suggests, there had long been concern that messages encrypted using DES could be decrypted by applying computers to break the key. As a result, the US National Institute for Standards and Technology is working on an encryption method called the Advanced Encryption Standard (AES). Based on keys of 128, 192 and 256 bits, AES would presumably require so much computing power for so long to achieve a successful breach of encryption that it would be impossible as a practical matter to do so.
While AES is being perfected, an interim method has been proposed, called Triple DES. This provides for encrypting a message three times with three different keys of 56 bits each. But the concern of banks and financial institutions which might rely on such a standard remains real. In March 1998 researchers Eli Biham and Lars Knudsen, working in Israel and Norway, showed that in one of several modes there was at least a theoretical possibility of AES encryption being broken. [The New York Times, 31 March 1998.] Adjustments will be made.
The process of choosing AES involves a succession of consultations. NIST explains that "Near the end of Round 1, NIST will be holding a Second AES Candidate Conference to discuss results of the public evaluation and analysis of the Round 1 AES candidate algorithms. It will be held March 22-23, 1999, in Rome, Italy, at the Hotel Quirinale. Immediately after this conference, the Sixth Fast Software Encryption Workshop will be held at the same location." [NIST on Second AES Candidate Conference].