How important is FIPS 140-2 Level 1 cert?

[Paul Hoffman]

At 8:15 PM -0500 12/21/06, Saqib Ali wrote:
>>Assuming that the two products use Internet protocols (as compared to
>>proprietary protocols):
>
>I don't understand this statement. What do you mean by internet
>protocol vs proprietary protocol???

Now seeing what your company does, I can see where you might have 
that question. An overly-simple but sufficient answer comes from 
whether or not you need to be able to interoperate with other vendors 
over a non-secured network. If so, call it an "internet protocol". In 
your case (local disk encryption), it is fine to be proprietary.

>And also we are looking at FDE solutions, so there are no internet
>protocols involved in that.

Right.

>>no. Probably the only thing that could
>>differentiate the two is if the cheaper one has a crappy random
>>number generator, the more expensive one will have a good one.
>
>well I think FIPS 140-2 Level 1 ensures more than just a good PRNG.
>Even if a public crypto (e.g. AES) is used in a product, there are
>many mistakes that can be made during the implementation.

... and essentially all of those mistakes are caught by even mild 
interop testing. Again, this is not valid in your case. You could 
completely mis-implement AES and never know it, but a FIPS 140-2 test 
would find that.

>And FIPS
>140-2 Level 1 is expected to catch these egregious mistakes.

You can catch such mistakes for a lot less money than it will cost 
for a FIPS certificate. Assuming that you are using a standard 
encryption algorithm like AES, there are probably a dozen people on 
this mailing list who could sanity check your product's 
implementation of AES (and probably even of key storage) in less than 
50 hours of consulting time,

--Paul Hoffman, Director
--VPN Consortium

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com