i've been writing up the local events and news section of the MSDN Flash newsletter that goes out via e-mail to developers across Southern California every other week.

lately, i've been including short articles in them (previewed here in advance) as plugs for my upcoming seminars. unfortunately, i've really been pushing the boundaries of what is acceptably late so you may not see the following article in Monday's issue. regardless, big props to the MSDN Flash editor, Brad, who is usually excessively, generously accomodating of my delinquencies.

Developer to developer…

Starting this month, security will be the sole subject of discussion for the entire afternoon of our MSDN Event seminars. While preparing for these on a conference call with my fellow presenters, a question arose about the correct pronunciation of the Rijndael encryption algorithm which led me to write this short article about it.


Rijndael link to http://csrc.nist.gov/CryptoToolkit/aes/rijndael/Rijndael.pdf

is important to know about because it was selected for the Advanced Encryption Standard (AES) as a Federal Information Processing Standards Publication (FIPS PUBS 197 link to http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf) approved symmetric cryptographic algorithm that can be used by Federal organizations to protect electronic data. This selection was made by the National Institute of Standards and Technology (NIST) under the auspices of the Department of Commerce, recognizing that the current most widely used encryption algorithm of the Data Encryption Standard (DES) is no longer adequately secure after decades of significant computational advances – DES was first introduced way back in 1977 and has been cracked in the DES Challenge competition by the Electronic Frontier Foundation (EFF) in just over twenty-two hours!


I won’t attempt a feeble explanation of how Rijndael works – hint, it is an iterated block cipher with a variable block length and a variable key length. If you’re interested, you may want to check out The Design of Rijndael, published by Springer-Verlag, ISBN 3-540-42580-2, which describes the algorithm along with implementation tricks, design strategy, cryptanalytic results, and more. With significantly larger key sizes than DES, NIST estimates that the AES will remain secure for decades but just in case, this will be reevaluated every five years …


So what’s in a name? The name Rijndael actually derives from an amalgam of the surnames of the two Belgian cryptographers that created it, Joan Daemen and Vincent Rijmen. Since this name is made up, pronunciations have been variously given as rhine-doll or rain-dahl.


Vincent Rijmen weighs in with his opinion on a Web page link to http://www.esat.kuleuven.ac.be/~rijmen/rijndael/ with pointers to lots of Rijndael references - it’s pronounced like you think it should be, if you happen to be Dutch, Flemish, Indonesian, Surinamer or South Aftrican. Otherwise, he writes “We’re not picky – as long as you make sound different from ‘Region Deal’”. He further notes that they came up with this name because “We were both fed up with people mutilating the pronunciations of the names ‘Daemen’ and ‘Rijmen’”. 


If you would like to find out more about security, please join me at one of my upcoming MSDN Events developer seminars link to http://www.msdnevents.com. I’ll also demonstrate some encryption and security threat mitigation coding techniques in abbreviated format in one of the modules in the Web track of DevDays 2004 link to http://www.microsoft.com/devdays at the Los Angeles Convention Center on March 15th.