[Cryptography] "Is FIPS 140-2 Actively harmful to software?"
Theodore Ts'o
tytso at mit.edu
Fri Jun 20 15:05:02 EDT 2014
On Fri, Jun 20, 2014 at 04:30:22PM +0200, Dirk-Willem van Gulik wrote:
> In my day to day job, I, and my customers, are highly dependent on
> the various tokens, talismans and good blessings of these
> standards. No matter how crap - it is better than nothing - and
> provides helpful abstractions behind with a professional can
> re-mediate what is needed w.r.t. quality; the fact that the
> situation is not quite that what is covered by the rule, etc.
I think you're beggin the question here. I don't think there's any
good proof that FIPS certification is indeed better than nothing.
When you look examples such as the Taiwan's "Citizen Digital
Certificate" which used FIPS certified smartcards, but which *still*
had a crap random number generator, and Apple's "do not modifiy a
single line of this file, not even a comment or else we will need to
pay hundreds of thousands of dollars of certification fees", those are
two strong suggestions that in fact, FIPS may be worse than nothing.
The first showed that it FIPS certification did not have the benefits
you would think, and the second shows active harm done by FIPS
certification.
The net result of that is when someone complained to me that LibreSSL
removed FIPS compliance as a feature, my response was, "if this means
they are able to clean up their code faster, 'good riddance to bad
rubbish'."
Cheers,
- Ted
More information about the cryptography
mailing list