Editing Data Encryption Standard (section)

== Replacement algorithms ==
{{more citations needed section|date=November 2009}}
Concerns about security and the relatively slow operation of DES in [[software]] motivated researchers to propose a variety of alternative [[block cipher]] designs, which started to appear in the late 1980s and early 1990s: examples include [[RC5]], [[Blowfish (cipher)|Blowfish]], [[International Data Encryption Algorithm|IDEA]], [[NewDES]], [[Secure and Fast Encryption Routine|SAFER]], [[CAST5]] and [[FEAL]]. Most of these designs kept the 64-bit [[block size (cryptography)|block size]] of DES, and could act as a "drop-in" replacement, although they typically used a 64-bit or 128-bit key. In the [[Soviet Union]] the [[GOST 28147-89]] algorithm was introduced, with a 64-bit block size and a 256-bit key, which was also used in [[Russia]] later.

Another approach to strengthening DES was the development of '''Triple DES (3DES)''', which applies the DES algorithm three times to each data block to increase security. However, 3DES was later deprecated by NIST due to its inefficiencies and susceptibility to certain cryptographic attacks.

To address these security concerns, modern cryptographic systems rely on more advanced encryption techniques such as RSA, ECC, and post-quantum cryptography. These replacements aim to provide stronger resistance against both classical and quantum computing attacks.

A crucial aspect of DES involves its '''permutations and key scheduling''', which play a significant role in its encryption process. Analyzing these permutations helps in understanding DES's security limitations and the need for replacement algorithms. A detailed breakdown of DES permutations and their role in encryption is available in this analysis of Data Encryption Standards Permutations.<ref>{{Cite web |date=2025-03-24 |title=Data Encryption Standard {{!}} DES 64-bit Permutations |url=https://vividorigins.com/data-encryption-standards-des-permutations/ |access-date=2025-03-25 |language=en-US}}</ref>

DES itself can be adapted and reused in a more secure scheme. Many former DES users now use [[Triple DES]] (TDES) which was described and analysed by one of DES's patentees (see [[Federal Information Processing Standard|FIPS]] Pub 46–3); it involves applying DES three times with two (2TDES) or three (3TDES) different keys. TDES is regarded as adequately secure, although it is quite slow. A less computationally expensive alternative is [[DES-X]], which increases the key size by XORing extra key material before and after DES. [[GDES]] was a DES variant proposed as a way to speed up encryption, but it was shown to be susceptible to differential cryptanalysis.

On January 2, 1997, NIST announced that they wished to choose a successor to DES.<ref>{{Cite web|url=http://csrc.nist.gov/archive/aes/pre-round1/aes_9701.txt|title = Announcing Development of FIPS for Advanced Encryption Standard &#124; CSRC|date = 10 January 2017}}</ref> In 2001, after an international competition, NIST selected a new cipher, the [[Advanced Encryption Standard]] (AES), as a replacement.<ref>http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf November 26, 2001.</ref> The algorithm which was selected as the AES was submitted by its designers under the name [[Rijndael]]. Other finalists in the NIST [[AES competition]] included [[RC6]], [[Serpent (cipher)|Serpent]], [[MARS (cryptography)|MARS]], and [[Twofish]].