Re: [openssl-users] Custom Random number generation while in Fips mode

2016-07-28 Thread Thomas Francis, Jr.

> On Jul 28, 2016, at 11:00 AM, pratyush parimal wrote:
> 
> Hi Thomas,
> 
> Thanks for your response! It clears up matters a lot :)
> 
> There's one thing that I thought of though -- even though I'm generating the 
> salt via non-OpenSSL means, the actual function that I'm using for hashing is 
> "SHA512" from FIPS OpenSSL.
> Does the mere usage of salt that was generated via a non-FIPS-recommended 
> approach violate my compliance?

You used what is typically considered a cryptographic function (some form of 
RNG) from a source other than your cryptographic module running in approved 
mode.  Unless you can fully justify that use as for non-cryptographic purposes, 
your product is not complying with FIPS 140.  Given that it’s a salt for 
hashing passwords, I think you’ll have a really hard time convincing customers 
and auditors that the salt generation is for non-cryptographic purposes.  After 
all, if that’s not cryptographic, why didn’t you use something more 
deterministic (like a counter, or a user name) for the salt?

> I understand what you mean by "I'm not an auditor or a lawyer", but I'd 
> still appreciate your opinion / experience in the matter :)

In my limited experience, auditors are not computer security experts.  They’re 
smart people, but they tend to fall back on very simple guidelines when it 
comes to things outside their own expertise (like what’s a cryptographic 
algorithm, and what’s a cryptographic purpose).  You might be able to get away 
with it, but I wouldn’t want to stake a sale on it.  Especially not if there 
are penalties attached for failing an audit.

TOM

> Thanks,
> Pratyush.
> 
> On Thu, Jul 28, 2016 at 10:23 AM, Thomas Francis, Jr. wrote:
> 
> > On Jul 27, 2016, at 8:18 PM, pratyush parimal wrote:
> >
> > Hi all,
> >
> > I work on a consumer application which is striving to be fips-140-2 
> > compliant.
> >
> > I'm using OpenSSL as recommended in the fips guide by invoking 
> > fips_mode_set(). However, in certain parts of the same application, I'm 
> > using my own non-OpenSSL random number generator to generate salts for 
> > hashing passwords for the app user accounts (I'm not using RAND_bytes).
> >
> > Does anyone know if using my custom random number generator in this way 
> > violates the app's fips compliance?
> 
> That’s almost certainly a violation.  There might be a few edge cases where 
> it is not, but they’re very unlikely.  To determine if you’re even close to 
> such cases, ask: Does the RNG I’m using come from another FIPS 140 validated 
> cryptographic module?  Am I using that module in approved mode?  Am I using 
> that module according to its security policy?  Do I have explicit permission 
> from the customers’ auditors to mix two modules in my product?
> 
> If the answer to all of those questions is yes, you _might_ be OK, for now.  
> A few auditors (in the past, anyway) considered it OK to mix modules, while 
> other auditors say no.  My own reading of FIPS 140-2 is that you may not mix 
> modules.  But I’m not an auditor or a lawyer. :)
> 
> The other question to ask is: can I clearly explain that the use of the 
> non-approved RNG is for non-cryptographic purposes, and easily justify that 
> explanation?  Given what you said about why you’re using it, I’m pretty sure 
> the answer to that one is “no”. :)  And even if you could, that’s still a 
> very weak argument to be making to your customers’ auditors, who may decide 
> it’s still not allowed even if they agree it’s for non-cryptographic purposes.
> 
> > Am I really supposed to be using
> > RAND_bytes for compliance reasons?
> 
> Yes.
> 
> > Thanks in advance!
> > Pratyush.
> >
> > --
> > openssl-users mailing list
> > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users


Re: [openssl-users] Custom Random number generation while in Fips mode

2016-07-28 Thread pratyush parimal

Hi Thomas,

Thanks for your response! It clears up matters a lot :)

There's one thing that I thought of though -- even though I'm generating
the salt via non-OpenSSL means, the actual function that I'm using for
hashing is "SHA512" from FIPS OpenSSL.
Does the mere usage of salt that was generated via a non-FIPS-recommended
approach violate my compliance?

I understand what you mean by "I'm not an auditor or a lawyer", but I'd
still appreciate your opinion / experience in the matter :)

Thanks,
Pratyush.

On Thu, Jul 28, 2016 at 10:23 AM, Thomas Francis, Jr. <thomas.francis...@pobox.com> wrote:

>
> > On Jul 27, 2016, at 8:18 PM, pratyush parimal <pratyush.pari...@gmail.com> wrote:
> >
> > Hi all,
> >
> > I work on a consumer application which is striving to be fips-140-2
> > compliant.
> >
> > I'm using OpenSSL as recommended in the fips guide by invoking
> > fips_mode_set(). However, in certain parts of the same application, I'm
> > using my own non-OpenSSL random number generator to generate salts for
> > hashing passwords for the app user accounts (I'm not using RAND_bytes).
> >
> > Does anyone know if using my custom random number generator in this way
> > violates the app's fips compliance?
>
> That’s almost certainly a violation.  There might be a few edge cases
> where it is not, but they’re very unlikely.  To determine if you’re even
> close to such cases, ask: Does the RNG I’m using come from another FIPS 140
> validated cryptographic module?  Am I using that module in approved mode?
> Am I using that module according to its security policy?  Do I have
> explicit permission from the customers’ auditors to mix two modules in my
> product?
>
> If the answer to all of those questions is yes, you _might_ be OK, for
> now.  A few auditors (in the past, anyway) considered it OK to mix modules,
> while other auditors say no.  My own reading of FIPS 140-2 is that you may
> not mix modules.  But I’m not an auditor or a lawyer. :)
>
> The other question to ask is: can I clearly explain that the use of the
> non-approved RNG is for non-cryptographic purposes, and easily justify that
> explanation?  Given what you said about why you’re using it, I’m pretty
> sure the answer to that one is “no”. :)  And even if you could, that’s
> still a very weak argument to be making to your customers’ auditors, who
> may decide it’s still not allowed even if they agree it’s for
> non-cryptographic purposes.
>
> > Am I really supposed to be using
> > RAND_bytes for compliance reasons?
>
> Yes.
>
> > Thanks in advance!
> > Pratyush.


Re: [openssl-users] Custom Random number generation while in Fips mode

2016-07-28 Thread Thomas Francis, Jr.

> On Jul 27, 2016, at 8:18 PM, pratyush parimal wrote:
> 
> Hi all,
> 
> I work on a consumer application which is striving to be fips-140-2 compliant.
> 
> I'm using OpenSSL as recommended in the fips guide by invoking 
> fips_mode_set(). However, in certain parts of the same application, I'm using 
> my own non-OpenSSL random number generator to generate salts for hashing 
> passwords for the app user accounts (I'm not using RAND_bytes).
> 
> Does anyone know if using my custom random number generator in this way 
> violates the app's fips compliance?

That’s almost certainly a violation.  There might be a few edge cases where it 
is not, but they’re very unlikely.  To determine if you’re even close to such 
cases, ask: Does the RNG I’m using come from another FIPS 140 validated 
cryptographic module?  Am I using that module in approved mode?  Am I using 
that module according to its security policy?  Do I have explicit permission 
from the customers’ auditors to mix two modules in my product?

If the answer to all of those questions is yes, you _might_ be OK, for now.  A 
few auditors (in the past, anyway) considered it OK to mix modules, while other 
auditors say no.  My own reading of FIPS 140-2 is that you may not mix modules.  
But I’m not an auditor or a lawyer. :)

The other question to ask is: can I clearly explain that the use of the 
non-approved RNG is for non-cryptographic purposes, and easily justify that 
explanation?  Given what you said about why you’re using it, I’m pretty sure 
the answer to that one is “no”. :)  And even if you could, that’s still a very 
weak argument to be making to your customers’ auditors, who may decide it’s 
still not allowed even if they agree it’s for non-cryptographic purposes.

> Am I really supposed to be using 
> RAND_bytes for compliance reasons?

Yes.

> Thanks in advance!
> Pratyush.