3.2.1 What is DES?
DES, an acronym for the Data Encryption Standard, is the name of the Federal Information Processing Standard (FIPS) 46-3, which describes the data encryption algorithm (DEA). The DEA is also defined in the ANSI standard X3.92.
DEA is an improvement of the algorithm Lucifer developed by IBM in the early 1970s. While the algorithm was essentially designed by IBM, the NSA (see Question 6.2.2) and NBS (now NIST; see Question 6.2.1) played a substantial role in the final stages of the development. The DEA, often called DES, has been extensively studied since its publication and is the best known and widely used symmetric algorithm in the world.
The DEA has a 64-bit block size (see Question 2.1.4) and uses a 56-bit key during execution (8 parity bits are stripped off from the full 64-bit key). The DEA is a symmetric cryptosystem, specifically a 16-round Feistel cipher (see Question 2.1.4) and was originally designed for implementation in hardware. When used for communication, both sender and receiver must know the same secret key, which can be used to encrypt and decrypt the message, or to generate and verify a message authentication code (MAC). The DEA can also be used for single-user encryption, such as to store files on a hard disk in encrypted form. In a multi-user environment, secure key distribution may be difficult; public-key cryptography provides an ideal solution to this problem (see Question 2.1.3).
NIST (see Question 6.2.1) has re-certified DES (FIPS 46-1, 46-2, 46-3) every five years. FIPS 46-3 reaffirms DES usage as of October 1999, but single DES is permitted only for legacy systems. FIPS 46-3 includes a definition of triple-DES (TDEA, corresponding to X9.52); TDEA is "the FIPS approved symmetric algorithm of choice." Within a few years, DES and triple-DES will be replaced with the Advanced Encryption Standard (AES, see Section 3.3).