[Cryptography] "Is FIPS 140-2 Actively harmful to software?"

Theodore Ts'o tytso at mit.edu
Wed Jun 25 07:06:46 EDT 2014


On Tue, Jun 24, 2014 at 11:54:51AM +0100, ianG wrote:
> 
> But, is it likely that they are working to the book?  In a fast moving
> software world, are the various USG users of (say) OpenSSL still using
> the FIPS approved versions?

I have fairly reliable information that the answer to this question is
"yes".  What I am not sure about is whether any of these users are
doing so on public facing hosts that are exposed to the public
internet or not, and how bug-ridden those ancient FIPS-certified
versions might be.

If any one of them were public-facing, and some critical government
agency were to suffer a highly public security incident that was
directly traceable to a well-known OpenSSL bug that has since been
fixed in a mainstream, non-FIPS version of OpenSSL, maybe that would
help be a final nail in the coffin of FIPS certification..... but
probably not.

Unfortunately, I have my doubts that even that would be enough, even
if it resulted in the head of NIST getting dragged in front of the
House or Senate Intelligence Committees....

						- Ted


More information about the cryptography mailing list