Re: Flaws in OpenSSL FIPS Object Module

2007-12-14 Thread Joshua Hill
On Thu, Dec 13, 2007 at 08:29:47PM -0500, Thor Lancelot Simon wrote: In fact, I was in the middle of a FIPS-140 certification at level 2 a number of years ago when the Known Answer Test for the X9.17 block cipher based PRNG was introduced. One unanticipated side effect of this test was to

Re: Flaws in OpenSSL FIPS Object Module

2007-12-14 Thread Joshua Hill
On Fri, Dec 14, 2007 at 01:27:57PM -0500, Thor Lancelot Simon wrote: The PRNG test which requires DT to be run as a monotonic counter is, in fact, a known-answer test. The variable seed test portion of CAVS testing specifies a DT of 0 in all cases and only one round is run for each seed, so

Re: FIPS 140-2, PRNGs, and entropy sources

2007-07-10 Thread Joshua Hill
On Mon, Jul 09, 2007 at 04:08:33PM -0600, Darren Lasko wrote: However, it seems pretty nebulous about how they expect you to measure the number of operations required to compromise the security of the key generation method. Do you know what kind of documentation the labs require? The

Re: FIPS 140-2, PRNGs, and entropy sources

2007-07-08 Thread Joshua Hill
On Sat, Jul 07, 2007 at 10:53:17PM -0600, Darren Lasko wrote: 1) Can a product obtain FIPS 140-2 certification if it implements a PRNG from NIST SP 800-90 (and therefore is not listed in FIPS 140-2 Annex C)? If not, will Annex C be updated to include the PRNGs from SP 800-90? The PRNGs in

Re: NCipher Takes Hardware Security To Network Level

2003-10-06 Thread Joshua Hill
In fact, if you're clever, you can manage to not trouble yourself to get the key-management, etc. certified, getting only the simple, symmetric-cipher stuff run through the process. You can, but that doesn't mean that it's ok. Key management is explicitly covered under FIPS 140-2. If you

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-06 Thread Joshua Hill
On Fri, Sep 05, 2003 at 06:02:10PM -0400, Wei Dai wrote: In fact they wouldn't even validate Crypto++ as a static library despite an earlier verbal agreement that a static library was ok. It had to be turned into a DLL at the last moment (i.e. during the review phase). That's unfortunate.

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-05 Thread Joshua Hill
On Fri, Sep 05, 2003 at 01:32:21PM -0400, Anton Stiglic wrote: If I'm not mistaken, this would be the first free, open-source, crypto library that has FIPS 140 module certification! I believe that this is incorrect. The two open-source projects that I'm aware of that have FIPS 140 certs

Re: PRNG design document?

2003-08-27 Thread Joshua Hill
On Mon, Aug 25, 2003 at 09:15:00PM -0400, Thor Lancelot Simon wrote: 1) Various entities have already had various versions of OpenSSL FIPS-140-2 certified. The stock OpenSSL generator is neither the ANSI X9.31 A.2.4 generator (which is, indeed, identical to an interpretation of the ANSI