[openssl-users] FIPS mode restrictions and DES

Jakob Bohm jb-openssl at wisemo.com
Fri Apr 10 18:07:07 UTC 2015

On 10/04/2015 17:01, jonetsu wrote:
>> From: jonetsu <jonetsu at teksavvy.com>
>> Date: 04/10/15 09:55
>> Is it possible to use DES_crypt() in OpenSSL FIPS mode ?  Some low
>> level non-EVP methods are allowed, I think.  The question comes from
>> seeing if it is possible to use the OpenSSL password() method in FIPS
>> mode.
> Hmmm...  In any case, trying to squeeze DES in a FIPS validation might be pushing it a bit.  Any drop-in replacement for the crypto() method in glibc2 (that supports SHA-256, SHA-512) ?
> Regards.
I see two possibilities without using any crypto outside
the FIPS validated functionality:

a) If triple DES (TDEA in NIST-speak) is included, then
you can emulate DES by repeating the same 56 bit key 2
or 3 times.  For instance if you need DES with the key
0x123456789ABCDE, you can just use 112 bit triple DES
with the key 0x123456789ABCDE123456789ABCDE or 168 bit
triple DES with the key
0x123456789ABCDE123456789ABCDE123456789ABCDE .  Then
with that problem solved, you can recreate the "unix
password"formula using the FIPS validated TDEA code
via EVP.

b) If triple DES is not included, then you will have to
use one of the modern password encodings found on Linux
and BSD.  Those use standard hashes such as MD5 (not
allowed!), SHA1 (possibly not allowed, at least not for
long), SHA-2-256 (clearly still allowed and probably in
the FIPS validated EVP API).  Then once again use the
EVP API to reimplement the formula found in libcrypt
(which uses a non-validated copy of the standard
algorithm and is thus not allowed).

Of cause it is possible that one of the large distributions
suchas Red Hat may have already done the footwork as part
ofcreating a US government edition of their Linux
distribution.For example I have heard rumors that most
federal US courtsuse a case management system running on
Red Hat, whichwould probably imply that they are using a
FIPS validatedimplementation of the Linux password
encoding formula.


Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

More information about the openssl-users mailing list