[Cryptography] "Is FIPS 140-2 Actively harmful to software?"

ianG iang at iang.org
Wed Jun 25 08:14:04 EDT 2014


On 25/06/2014 12:06 pm, Theodore Ts'o wrote:
> On Tue, Jun 24, 2014 at 11:54:51AM +0100, ianG wrote:
>>
>> But, is it likely that they are working to the book?  In a fast moving
>> software world, are the various USG users of (say) OpenSSL still using
>> the FIPS approved versions?
> 
> I have fairly reliable information that the answer to this question is
> "yes".  What I am not sure about is whether any of these users are
> doing so on public facing hosts that are exposed to the public
> internet or not, and how bug-ridden those ancient FIPS-certified
> versions might be.


Huh.  This is interesting!  So they err on the side of "culpable by
security" not "culpable by the book..."

So, a way to proceed would be to contact those people who do SSL
scanning (or grab their database) to measure the SSL versions in use
versus USG.gov sites.  Perhaps publish a USG vulnerability page, and see
if we can correlate that to the FIPS usage.

This would be very interesting info for OODA life cycles, which is
useful for reminding us how to build our protocols and distro them...
Would make for a nice undergrad level paper for some student...


> If any one of them were public-facing, and some critical government
> agency were to suffer a highly public security incident that was
> directly traceable to a well-known OpenSSL bug that has since been
> fixed in a mainstream, non-FIPS version of OpenSSL, maybe that would
> help be a final nail in the coffin of FIPS certification..... but
> probably not.


Change happens slowly, look to the IETF for precedent ;)

You'd probably need 3 incidents.  1 to warm things up, a second to
really push the message home, spread the fear, and a third so that the
culpable party is really culpable in the eyes of the witchhunters.


> Unfortunately, I have my doubts that even that would be enough, even
> if it resulted in the head of NIST getting dragged in front of the
> House or Senate Intelligence Committees....


If they are anything like the other committees then you're better off
not wasting your time.



iang

