> I am rather confused why people need to drop out of FIPS mode. The > Federal Information Processing Standard dictates that FIPS-validated > cryptography be used for everything that requires cryptographic > transformation for storage (or really anything that enters or leaves > the cryptograpic security boundary). > > -Kyle H
In many cases, FIPS actually results in (you might reasonably think, at least) reduced security. It's not unusual to have three settings: A) Non-FIPS, where even algorithms too weak to qualify for FIPS use are allowed so long as they are still believed to be secure when used the way they are being used. For example, SSLv3 would usually be allowed in this mode. This might be less secure (and probably is) but might be secure enough for what you're doing. B) FIPS, where all FIPS rules are followed. There may be reduced functionality in this mode, you may not be able to interoperate in all the ways you might want to. Performance might be lower. C) Quasi-FIPS. All FIPS rules are followed, except where it is genuinely believed that these rules reduce security or are unreasonably impractical. For example, obvious bugfixes might be allowed, even if the code hadn't been re-FIPS checked. In the case of OpenSSL, you might allow changes to optimization or code generation flags. An "obviously correct" optimized SHA1 algorithm might be used, even if it hasn't been approved yet. (Or if it wasn't selected for the platform due to a detection bug.) The idea would be that you use mode A if you don't care about FIPS, mode C if you must be comply with the letter of FIPS, and mode B if you care about FIPS, but not to the point where you will let it hurt you. There are good reasons you might need B mode while you have a connection to a source that absolutely requires it, and then want to drop back into A or C mode. Note that I am not saying mode C is always better than mode B and the only reason to pick B is a hard 'legal' requirement. Mistakes can be made in optimization or "obvious bug fixes" and code building errors can be induced by compiler flag changes. One of the benefits of the FIPS process is the value of expert judgments about security made by actual experts. DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]
