[openssl-users] Question about OpenSSL and FIPS 140-2 module

Jakob Bohm jb-openssl at wisemo.com
Thu Aug 4 16:26:02 UTC 2016

On 04/08/2016 17:53, Thomas Francis, Jr. wrote:
> ...
> I really should point out three things, though:
> 1) FIPS 140 compliance (from any software package) is always less secure than non-FIPS 140 compliant packages.  By its nature, the validation process places software several months to years out of date, and no changes are allowed, even to address severe security problems.  There are known security problems in at least some of the OpenSSL FIPS modules.
> 2) FIPS 140 compliance is _not_ about security.  It’s about proving that specific algorithms are in use, for purposes of government auditing.  Nothing in the compliance tests actually proves that, either.  The algorithms must simply be able to produce the correct output for well-known inputs (that includes several runtime tests that also only prove it gives the right output for well-known inputs), and there must exist some sort of “proof” that the module has not been modified from the tested form.  There’s nothing in there to prevent FIPS 140 validation of a module that stores all your keys and sends them to someone else, and there’s nothing in there to prevent FIPS 140 validation of a module that contains algorithms that only do the right thing for those well-known inputs.  There are even approved algorithms that have been shown to be insecure, even when the software implements the algorithm correctly (see Dual EC DRBG).
> 3) Unless you’re required by regulation to have FIPS 140 compliance, you should avoid it like the plague it is.  It’s less secure, and you’ll never be able to update your software in a timely manner (even if there were no security problems, which is unlikely).  Given that you reference COTS instead of GOTS, I suspect you’re not working for a government agency that is required to comply with FIPS 140.
At least one public non-gov CA has made the mistake of putting
FIPS-140-2 compliance into one of their CP/CPS documents for
how non-gov certificate holders should store their private key.

Hopefully, this is an outlier, but it shows that FIPS 140-2
requirements sometimes sneak outside the USGOV context.


Jakob Bohm, CIO, Partner, WiseMo A/S.  https://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded