Data Encryption Standard (DES)

Contributor(s): Michael Cobb, Laura Biasci, Lyne Granum, and Frank Rundatz

The Data Encryption Standard (DES) is an outdated symmetric-key method of data encryption.

DES works by using the same key to encrypt and decrypt a message, so both the sender and the receiver must know and use the same private key. Once the go-to, symmetric-key algorithm for the encryption of electronic data, DES has been superseded by the more secure Advanced Encryption Standard (AES) algorithm.

Originally designed by researchers at IBM in the early 1970s, DES was adopted by the U.S. government as an official Federal Information Processing Standard (FIPS) in 1977 for the encryption of commercial and sensitive yet unclassified government computer data. It was the first encryption algorithm approved by the U.S. government for public disclosure. This ensured that DES was quickly adopted by industries such as financial services, where the need for strong encryption is high. The simplicity of DES also saw it used in a wide variety of embedded systems, smart cards, SIM cards and network devices requiring encryption like modems, set-top boxes and routers.

Content Continues Below

DES key length and brute-force attacks

The Data Encryption Standard is a block cipher, meaning a cryptographic key and algorithm are applied to a block of data simultaneously rather than one bit at a time. To encrypt a plaintext message, DES groups it into 64-bit blocks. Each block is enciphered using the secret key into a 64-bit ciphertext by means of permutation and substitution. The process involves 16 rounds and can run in four different modes, encrypting blocks individually or making each cipher block dependent on all the previous blocks. Decryption is simply the inverse of encryption, following the same steps but reversing the order in which the keys are applied. For any cipher, the most basic method of attack is brute force, which involves  trying each key until you find the right one. The length of the key determines the number of possible keys -- and hence the feasibility -- of this type of attack. DES uses a 64-bit key, but eight of those bits are used for parity checks, effectively limiting the key to 56-bits. Hence, it would take a maximum of 2^56, or 72,057,594,037,927,936, attempts to find the correct key.

Even though few messages encrypted using DES encryption are likely to be subjected to this kind of code-breaking effort, many security experts felt the 56-bit key length was inadequate even before DES was adopted as a standard. (There have always been suspicions that interference from the NSA weakened IBM's original algorithm). Even so, DES remained a trusted and widely used encryption algorithm through the mid-1990s. However, in 1998, a computer built by the Electronic Frontier Foundation (EFF) decrypted a DES-encoded message in 56 hours. By harnessing the power of thousands of networked computers, the following year EFF cut the decryption time to 22 hours.

Apart from providing backwards compatibility in some instances, reliance today upon DES for data confidentiality is a serious security design error in any computer system and should be avoided. There are much more secure algorithms available, such as AES. Much like a cheap suitcase lock, DES will keep the contents safe from honest people, but it won't stop a determined thief.

Successors to DES

Encryption strength is directly tied to key size, and 56-bit key lengths have become too small relative to the processing power of modern computers. So in 1997, the National Institute of Standards and Technology (NIST) announced an initiative to choose a successor to DES; in 2001, it selected the Advanced Encryption Standard as a replacement. The Data Encryption Standard (FIPS 46-3) was officially withdrawn in May 2005, though Triple DES (3DES) is approved through 2030 for sensitive government information. 3DES performs three iterations of the DES algorithm; if keying option number one is chosen, a different key is used each time to increase the key length to 168 bits. However, due to the likelihood of a meet-in-the-middle attack, the effective security it provides is only 112 bits. 3DES encryption is obviously slower than plain DES.

Legacy of DES

Despite having reached the end of its useful life, the arrival of the Data Encryption Standard served to promote the study of cryptography and the development of new encryption algorithms. Until DES, cryptography was a dark art confined to the realms of military and government intelligence organizations. The open nature of DES meant academics, mathematicians and anyone interested in security could study how the algorithm worked and try to crack it. As with any popular and challenging puzzle, a craze -- or in this case, a whole industry -- was born.


This was last updated in November 2014

Continue Reading About Data Encryption Standard (DES)

Dig Deeper on Disk and file encryption tools

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Are there situations where using DES is acceptable because the risk of brute-force attacks is either minimal or overhyped?
This question brings to mind the use of those dummy security cameras you can buy online or at any big box store. They look just like the real thing, but are essentially just an empty box with a battery and blinking light. They act as a deterrent through purely psychological means. Do they work? Probably. In some cases; only the criminals know for sure.

Similarly, using any type of encryption could have the same effect of deterring a would-be attacker. Most criminals are lazy and go after the low-hanging fruit: the unlocked car, the password sent in clear text, the easy money sitting out in the open. Seeing encryption, they just might move onto an easier mark.

Different situations require different approaches to security; there is no "one size fits all" security solution. It's a matter of assessing risk, a whole science in itself. Low risk targets with non-sensitive data probably could rely safely on DES. There are probably even situations where you could get away with ROT-13.

Unless there is some compelling reason, such as backward compatibility with some critical application or the like, the question is why bother? Use a more modern, and more secure cipher.

Read Security Corner for more practical security advice.
Is this article dated before 2005!?! Some sort of historical flashback?


DES was withdrawn as a standard in 2005; and, the AES replacement was officially adopted in 2001.

This article sounds as if the DES is still officially with us and AES is still coming and the govt is still restricting/inhibiting encryption export.

For example:

"the U.S. government has prevented export of the encryption software": NOT true for YEARS now. IBM and other encryption vendors fought long and hard to ease the export restrictions.

Better (or basic) editorial review is needed.
The SearchSecurity editors actually just recently worked with the WhatIs team to update this definition. Be sure to clear your cache in you don't see the updated version dated November 2014 (at the bottom of the definition, but above these comments).
The "Successors to DES" misstates the functionality of tripleDES:

There are 3 keying options. Option 1 uses 3 DIFFERENT keys, for an effective key strength of 3 X 56 = 168 bits, not 112.

tripleDES does NOT "use a different key each time", necessarily. Key Options 2 and 3 use (respectively) 2 and 1 key; not 3.

For definitions (eg, cryptography), why doesn't TechTarget simply reference the appropriate wikiPedia entries?
It's basically which systems you are using. If you decide to stay with a simpified system, which does not carry a lot of sensitive data then DES still can be applied to local systems.
a) Why DES requires an even number of iterations?
b) Why we do not mix the columns in the last round of AES?
c) What if we mix the columns in last round and use AES as irreversible algorithm?
d) What if, we do not use ASCII in symmetric key cryptography? Will it be convenient? Why
OR why not?
e) Why we follow standards for encryption? What if we design our own standards?
f) Can we use Asymmetric key for symmetric algorithm? Why OR why not?

File Extensions and File Formats

Powered by: