DES Key Size

Henry Corrigan-Gibbs filed this request with the National Security Agency of the United States of America.
Tracking #


Due Jan. 24, 2018
Est. Completion None
Awaiting Response


From: Henry Corrigan-Gibbs

To Whom It May Concern:

This is a request under the Freedom of Information Act. I hereby request the following records:

I request access to and copies of all information pertaining to the NSA's attempt in the 1970s to convince IBM to shorten the key size of the Data Encryption Standard (DES) to 48 bits from the original 64 bits.

The key size issue is raised in a document released in a prior FOIA request (requested by Mr. John L. Young, FOIA Case: 60251, Release dated: 18 December 2009). The citation for the document describing the key size issue is:
American Cryptology during the Cold War, 1945-1989
Book III: Retrenchment and Reform, 1972-1980
Series VI, Volume 5, Book III
One version of this document is published at:
A version with different redactions is published in the Stanford Archives:
In a discussion about the design of DES, the document (page 232 in the original) states:
"Narrowing the encryption problem to a single, influential algorithm might drive out competitors,
and that would reduce the field that NSA had to be concerned about. NSA worked closely with IBM
to strengthen the algorithm against all except brute force attacks and to strengthen substitution
tables, called S-boxes. Conversely, NSA tried to convince IBM to reduce the length of the key
from 64 to 48 bits. Ultimately, they compromised on a 56-bit key."
I am requesting any and all records relevant to the NSA's efforts to convince IBM to reduce the key length of the DES cipher.

Please waive any and all applicable fees. Per 32 C.F.R. 286.28(d), “furnishing the information is likely to contribute significantly to public understanding of the operations or activities of the Department of Defense and is not primarily in the commercial interest of the requester.”
Disclosure of the requested information is in the public interest. This request will further public understanding of government conduct as it relates to the development and standardization of cryptographic algorithms for use by the public at large. American citizens and businesses rely on cryptographic algorithms developed by the U.S. government (such as DES—the subject of this FOIA request) to maintain the integrity and confidentiality of their communications. and thus these government activities implicate basic privacy and associational rights protected by the Constitution.

Moreover, disclosure of the requested information will aid the public understanding of future cryptographic standardization efforts by the U.S. government (e.g., updates to the “Suite B” cryptographic algorithms). Government agencies that have the dual goals of collecting signals intelligence on foreign targets and of safeguarding domestic computer systems face a conflict of interest when it comes to designing cryptographic standards: publishing strong cryptographic algorithms could make the task of intelligence collection more difficult, while publishing deliberately weakened algorithms could render the task of safeguarding domestic systems more difficult. It is in the public benefit to understand how the Department of Defense has grappled with this tension in the past, as the same tension exists today.

The records requested are not sought for commercial use, and I plan to disseminate the information disclosed as a result of this FOIA request to the public at no cost.

In the event that my fee waiver request under 32 C.F.R. 286.28(d) is denied, as I am a member of an educational institution, please waive all fees except duplication charges in excess of 100 pages, per 32 C.F.R. 286.28(e)(ii)(B).

In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.

Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.


Henry Corrigan-Gibbs

From: National Security Agency

An acknowledgement letter, stating the request is being processed.