Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [fips-140]

FIPS 140-2 is a U.S. government computer security standard used to accredit cryptographic modules.

The Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS PUB 140-2)[1, 2], is a U.S. government computer security standard used to accredit cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001 and was last updated December 3, 2002.

47 questions
30
votes
4 answers

Why is FIPS 140-2 compliance controversial?

I was reading the comments of an article about a proposed new implementation of /dev/random in Linux today, and someone remarked that it must be bothersome to go through 43 revisions and still not have your patch landed. A few comments down the line…
Newbyte
  • 427
  • 4
  • 12
25
votes
3 answers

FIPS 140-2 Compliant Algorithms

Is there any reference to check the list of encryption & signing algorithms which are compliant to FIPS 140-2. After an exhaustive search I could find only "AES". Any suggestions would be much appreciated.
Siva Arunachalam
  • 353
  • 1
  • 3
  • 6
11
votes
2 answers

RSA Private Exponent Generation according to FIPS 186-4 in openssl v1

I guess this is more of a math problem in a cryptography context so I apologize beforehand if it is not the right place to ask. Basically I have to check whether a certain implementation of RSA key-pair generation adheres to FIPS 186-4. More…
Farzad Sadeghi
  • 113
  • 6
10
votes
2 answers

Will our app be FIPS 140-2 compliant if we use our own AES algorithm implementation?

We are in the processing to understand if our software applications is FIPS 140-2 compliant or not. Currently in our application, we are using our own implementation of AES algorithm. AES is a FIPS 140-2 compliant algorithm. The question would be…
windfly2006
  • 245
  • 2
  • 8
9
votes
1 answer

"Seed" vs "seed key"

The FIPS 140-2 Derived Test Requirements has a statement: AS07.09: (Levels 1, 2, 3, and 4) The seed and seed key shall not have the same value. What is the difference between a seed and a "seed key"?
Dan Bossler
  • 91
  • 2
8
votes
2 answers

Is FIPS 140-2's "Continuous random number generator test" practical?

Section 4.9.2 of FIPS PUB 140-2 specifies, amongst other things, a "Continuous random number generator test." Here are the relavant bits: If each call to a[n] RNG produces blocks of n bits (where n > 15), [...] Each subsequent generation of an…
Xor
  • 265
  • 2
  • 6
6
votes
1 answer

OpenSSL FIPS integrity check

As far as I know, FIPS requires a set of self tests (POST) to verify the cryptographic algorithms permitted and the integrity of the module. These tests are performed at run-time, so OpenSSL does a HMAC-SHA1 of the code loaded in memory and compares…
Guille
  • 63
  • 3
6
votes
1 answer

What is the major difference between FIPS 186-2 and FIPS 186-4?

Can anyone please tell me the major difference between FIPS 186-2 and FIPS 186-4? I know with FIPS 140-2 they want the DSS standard to be FIPS 186-4, but what difference does it make?
H4X
  • 163
  • 1
  • 4
6
votes
2 answers

How long does it take to extract a key from a FIPS-140 Level 2 device?

How long does it take to extract a key from a FIPS-140 Level 2 device? What records are there of successful extraction? How much did the first extraction from a given device cost? How much would a subsequent extraction cost? Dr. Google is…
William Whyte
  • 856
  • 6
  • 8
5
votes
2 answers

Converting a C25519 curve into a NIST-supported curve for FIPS crypto

If I have a cryptosystem based on C25519 ECC crypto, is it possible to use the same public/private key pairs for key agreement in a FIPS compliant way by deterministically converting C25519 public and private keys into keys under some other ECC…
Adam Ierymenko
  • 916
  • 6
  • 20
5
votes
1 answer

Where in the FIPS documents is it stated that SHA-1 is not secure?

SHA-1 has not been secure for a very long time, but I still can see it here. Where in the FIPS documents did it state that SHA-1 is not secure?
Michael
  • 153
  • 1
  • 6
5
votes
2 answers

Randomness test question from FIPS 140-1 and comparison with 140-2

In FIPS 140-1 there are 4 statistical random number generator tests (The Monobit Test, The Poker Test, The Runs Test and The Long Runs Test. Then FIPS 140-2 came along and supposedly tightened the criteria for these tests. I'll provide a short…
user3428187
  • 53
  • 1
  • 4
4
votes
4 answers

Why did Google Cloud accept a lower FIPS 140-2 Level compared to IBM Cloud?

FIPS 140-2 is a standard which handles cryptographic modules and the ones that organizations use to encrypt data-at-rest and data-in-motion. FIPS 140-2 has 4 levels of security, with level 1 being the least secure, and level 4 being the most…
WJA
  • 227
  • 1
  • 3
  • 7
4
votes
1 answer

Are RSA-PSS parameters standardized?

I wish to agree with a 3rd party on using RSA-PSS algorithm for a implementing a Digital Signature Scheme. I want to avoid selection of RSA parameters like salt length, hash algorithm etc at my side and share the required configuration…
user76827
  • 41
  • 2
4
votes
2 answers

Could a C25519/ED25519 cryptographic module be FIPS certified?

NIST algorithms include ECDH and ECDSA. NIST also specifies curves. Is the use of NIST curves required for FIPS certification or could other curves theoretically be certified if someone were willing to do the work?
Adam Ierymenko
  • 916
  • 6
  • 20
1
2 3 4