Encryption method is a security risk

The standards body for the Internet has warned that archived data encoded using the Data Encryption Standard (Des) encryption standard is ripe for industrial espionage.

The Internet Engineering Task Force (IETF) declared in a working draft paper that Des should be considered a ?historical? standard and no longer be used because it offered weak protection against industrial espionage.

It describes archived data that is encrypted with Des as a ?ripe target? for attack because it is impractical to convert archived data to a more secure system and impossible to make sure that all Des encrypted copies have been destroyed.

Last month a US group using off-the-shelf technology costing $250,000 managed to break a Des encrypted message in less than three days as part of a challenge set by a security company.

The IETF said: ?Currently deployed equipment using Des should be eliminated ...Existing data depending on Des for confidentiality should be considered potentially compromised.?

Building a computer that could crack Des is now ?well within the abilities of various criminal organisations?, according to IETF area security director Jeff Schiller.

Matthew Bowcock, marketing director of electronic commerce security company Zergo, said that most legacy financial systems still use Des for simple encryption but that businesses would be ?crazy? to implement it in any new systems.

He agreed that archives originally encoded using Des would still be an ?interesting place to go attacking? if they contained sensitive data.

Bowcock recommends a more secure standard called triple Des.

? Report by Steve Ranger.