The RNG in openssl-fips-1.2 is compliant with ANS X9.31, therefore it is OK for 
use through 2015 (although "deprecated" in the language of SP 800-131).

Adding a SP 800-90 RNG (sorry, RBG) to OpenSSL isn't too hard, given that 
there's an open-source implementation which passes NIST's test vectors; 
however, as Peter Waltenberg noted in a previous message, SP 800-90 puts more 
emphasis on the entropy source.

FIPS 140-2 requires a non-deterministic entropy source for cryptographic 
modules; any OpenSSL-based module should already have some sort of NDRNG 
interface, capable of seeding OpenSSL with some random bits. By 2015, such 
modules would need to demonstrate that sufficient seed is provided.


Yair
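
As an added example, not code from OpenSSL or from anyone on this thread: the SP 800-90A Hash_DRBG construction over SHA-256 in Python, with the entropy-length check that SP 800-90 puts on the seed, so a module can show that sufficient seed was provided. os.urandom stands in for the module's NDRNG interface (an assumption, not an OpenSSL call), and the constants and function names are this example's own.

```python
import hashlib
import os

SEEDLEN = 55             # 440-bit seedlen for Hash_DRBG with SHA-256
MIN_ENTROPY = 32         # entropy input must cover the 256-bit security strength
RESEED_INTERVAL = 2 ** 48

def _hash_df(data: bytes, out_bytes: int) -> bytes:
    # Hash_df: hash (counter || output bit length || data) until out_bytes are produced
    temp, counter = b"", 1
    while len(temp) < out_bytes:
        temp += hashlib.sha256(bytes([counter]) + (out_bytes * 8).to_bytes(4, "big") + data).digest()
        counter += 1
    return temp[:out_bytes]

def _add(*parts: bytes) -> bytes:
    # Add big-endian integers modulo 2**(8*SEEDLEN); result is SEEDLEN bytes
    total = sum(int.from_bytes(p, "big") for p in parts)
    return (total % (1 << (8 * SEEDLEN))).to_bytes(SEEDLEN, "big")

class HashDRBG:
    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        self._seed(b"", entropy, nonce + personalization)
    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        self._seed(b"\x01" + self.V, entropy, additional)

    def _seed(self, prefix: bytes, entropy: bytes, extra: bytes) -> None:
        if len(entropy) < MIN_ENTROPY:   # the seed-sufficiency check SP 800-90 stresses
            raise ValueError("entropy input shorter than the security strength")
        self.V = _hash_df(prefix + entropy + extra, SEEDLEN)
        self.C = _hash_df(b"\x00" + self.V, SEEDLEN)
        self.reseed_counter = 1

    def generate(self, n: int, additional: bytes = b"") -> bytes:
        if self.reseed_counter > RESEED_INTERVAL:
            raise RuntimeError("reseed required before more output")
        if additional:
            self.V = _add(self.V, hashlib.sha256(b"\x02" + self.V + additional).digest())
        data, out = self.V, b""
        while len(out) < n:              # Hashgen: hash V, V+1, V+2, ...
            out += hashlib.sha256(data).digest()
            data = _add(data, b"\x01")
        h = hashlib.sha256(b"\x03" + self.V).digest()
        self.V = _add(self.V, h, self.C, self.reseed_counter.to_bytes(4, "big"))
        self.reseed_counter += 1
        return out[:n]

def seeded_from_os() -> HashDRBG:
    # os.urandom stands in for the NDRNG interface a FIPS 140-2 module exposes (assumption)
    return HashDRBG(os.urandom(MIN_ENTROPY), os.urandom(16))
```

Instantiating twice from the same entropy and nonce gives the same output stream, which is what makes the NDRNG seed, not the DRBG, the thing the module has to justify.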


-----Original Message-----
From: [email protected] [mailto:[email protected]] On 
Behalf Of Thomas Francis, Jr.
Sent: Monday, October 04, 2010 15:54
To: [email protected]
Subject: RE: [openssl.org #2355] Support for SHA2 ciphersuite in TLS

That's a rather old statement.  The latest draft of SP 800-131 
(http://csrc.nist.gov/publications/drafts/800-131/draft-sp800-131_spd-june2010.pdf) 
is a _lot_ more relaxed, and even the early draft referenced at the page below 
did not require any changes that would require TLS v1.2.  Applications built on 
OpenSSL should no longer use SHA-1 (or 1024-bit or smaller RSA keys or 2-key 
3DES) for digital signatures (or general encryption).  Since OpenSSL supports 
the algorithms suggested for replacement at the end of 2010, application 
vendors should be able to provide government agencies with newer software that 
avoids the algorithms that NIST (and OMB?) are saying should be avoided.  It 
should be noted that the latest draft of SP 800-131 allows continued use of 
those algorithms until 2013 (or 2015 for encryption), so vendors are not 
required to provide updates before the end of this year.

There's some fuzziness* with regards to RNGs in OpenSSL, and if they are fully 
compatible with the current guidance from NIST or not, but again, you have 
until 2015 to replace RNGs.

I hope this helps to clarify priorities a little bit.

TOM

* The "fuzziness" is only in that I've seen a couple of queries about which, if 
any, of the RNGs in OpenSSL are compliant (compatible?) with NIST SP 800-90 or 
ANSI X9.62-2005, and haven't seen any responses.  If someone can clarify that, 
I'd certainly appreciate it.  If not, I'll end up doing the research myself 
sometime prior to 2015, as we're one of those application vendors I mention 
above. :)

> -----Original Message-----
> From: [email protected] [mailto:owner-openssl-
> [email protected]] On Behalf Of Sasha Matison via RT
> Sent: Monday, October 04, 2010 4:22 AM
> Cc: [email protected]
> Subject: [openssl.org #2355] Support for SHA2 ciphersuite in TLS
>
> Hello,
>
> What is the current plan to support TLSv1.2 in OpenSSL? NIST issued a
> statement requiring federal government to switch to SHA2 family of hash
> functions after 2010:
>
> Quote from http://csrc.nist.gov/groups/ST/toolkit/secure_hashing.html:
>
> "Federal agencies should stop using SHA-1 for digital signatures,
> digital time stamping and other applications that require collision
> resistance as soon as practical, and must use the SHA-2 family of hash
> functions for these applications after 2010."
>
> Regards,
>
> Sasha Matison
> ca
> Manager, Software Engineering
> Tel:      +1-508-628-8379
> Mobile: +1-508-395-6958
> [email protected]
> <mailto:[email protected]>   <http://www.ca.com/>
>
