Security Basics mailing list archives

Re: How important is FIPS 140-2 Level 1 cert?


From: levinson_k () securityadmin info
Date: 29 Dec 2006 22:29:51 -0000

FIPS certification is only one of many factors that might indicate how secure a system will be in actual use, and 
unless you're in the US Federal government, it is arguably not one of the most useful things you should be looking at.

All four FIPS 140-2 levels can mean much the same thing, depending on what the product and situation are.  All levels 
appear to have the same requirements for the strength of the crypto module implementation, key exchange, etc.  Higher 
levels reference some things that you may not care about, such as hardware intrusion detection / prevention such as 
seals on the hardware if there is any hardware, or whether it runs under a NIAP Common Criteria-rated Operating System. 
 (NIAP CC being another rating that does not always translate into a product being "more secure.")  You start seeing 
what the various levels test for on page 12 of the following link:

http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

Like NIAP Common Criteria, FIPS certification is probably expensive and time consuming for the vendor, so that the 
products that get it would tend to be older products from larger, more monolithic companies, which may not necessarily 
guarantee you're getting superlative security.

The FIPS rating does not rate all of the configurations of the device, but one possible non-default configuration that 
CAN optionally be enabled.  So you might end up not using the system in a FIPS-compliant configuration.  FIPS says 
nothing about how secure the product is in the default or most common configuration, or whether the product performs at 
an acceptable speed when FIPS-compliant options are used.  As FIPS rates the crypto implementation, it says little to 
guarantee that there won't be a significant non-crypto vulnerability in the OS or the way you implement it that could 
compromise security.

With MS Windows, for example, you probably don't want to enable "FIPS-compliant encryption mode," because an older, 
weaker encryption algorithm will be used for EFS disk encryption, rather than newer, stronger but uncertified 
protocols. Windows is FIPS rated, but that FIPS rating goes out the window if the OS is compromised because it's 
missing a security patch.  

Note that people use non-FIPS-compliant encryption every day for all kinds of Internet financial transactions when they 
use SSL for web browsing.  Even if you were able to use a FIPS-certified implementation of TLS encryption instead, you'd 
still be theoretically vulnerable to man-in-the-middle attacks (a big weakness here being that many encryption 
implementations go out the window if a user clicks OK on the pop-up saying that there may be a problem with the SSL, 
SMIME, PGP or SSH certificate).  I'm not sure there's even a web browser that is FIPS 140-2 certified yet, but that 
doesn't say much about whether your browser of choice is or isn't safe. 

Bottom line, make sure you know what FIPS certification does and doesn't guarantee.  I'm not sure I would pay double 
for a product that might be less secure than the cheaper solution, depending on how exactly it's implemented.  But then 
that also depends on your security needs and your tolerance for various kinds of risk, so there's no one universal 
answer that is true for all.

kind regards,
Karl Levinson
http://securityadmin.info
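The post's point that a FIPS rating covers one optional configuration, not the one you may actually be running, suggests a simple check: look at the cipher suite a TLS endpoint really negotiates and test it against the FIPS 140-2 approved primitives. The script below is an added example, not code from the original post; its allow/deny tables are a deliberately simplified approximation (AES or Triple-DES bulk cipher with SHA-1/SHA-2 and RSA/(EC)DH(E) key exchange counts as approved; RC4, MD5, ChaCha20, single DES, NULL, EXPORT and anonymous suites do not), and the sample suite names are constructed.

```python
"""Classify a negotiated TLS cipher suite name against the FIPS 140-2
approved-primitive list (approximation written for this example)."""
import socket
import ssl

# Any of these substrings in a suite name disqualifies it: non-approved
# primitives (RC4, RC2, MD5, ChaCha20, Camellia, SEED, IDEA), no encryption
# (NULL), export-grade keys (EXP), or anonymous key exchange (ADH/AECDH).
DENIED_TOKENS = ("NULL", "EXP", "RC4", "RC2", "MD5", "CHACHA20",
                 "CAMELLIA", "SEED", "IDEA", "ADH", "AECDH")
# The bulk cipher must be AES or Triple-DES (OpenSSL spells 3DES "DES-CBC3").
APPROVED_BULK = ("AES", "DES-CBC3")


def fips_approved(cipher_name):
    """Return (approved, reason) for an OpenSSL- or IANA-style suite name,
    e.g. 'ECDHE-RSA-AES256-GCM-SHA384' or 'TLS_AES_128_GCM_SHA256'."""
    name = cipher_name.upper()
    for tok in DENIED_TOKENS:
        if tok in name:
            return False, "uses non-approved primitive %s" % tok
    # Single DES ("DES-CBC-SHA") is withdrawn; 3DES ("DES-CBC3-SHA") is not.
    if "DES-CBC-" in name:
        return False, "uses single DES"
    if not any(bulk in name for bulk in APPROVED_BULK):
        return False, "bulk cipher is not AES or Triple-DES"
    return True, "AES/3DES with SHA and RSA/(EC)DH key exchange"


def negotiated_cipher(host, port=443, timeout=5.0):
    """Connect to a live endpoint and return the suite name it negotiated,
    so the running configuration (not the certified one) can be checked."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.cipher()[0]


if __name__ == "__main__":
    # Constructed sample suite names covering the common cases.
    for suite in ("ECDHE-RSA-AES256-GCM-SHA384", "TLS_AES_128_GCM_SHA256",
                  "DES-CBC3-SHA", "RC4-MD5", "ECDHE-RSA-CHACHA20-POLY1305",
                  "EDH-RSA-DES-CBC-SHA", "NULL-SHA256", "ADH-AES256-SHA"):
        ok, why = fips_approved(suite)
        print("%-32s %s (%s)" % (suite, "approved" if ok else "NOT approved", why))
```

Running `fips_approved(negotiated_cipher("your.host"))` against your own server reports what is actually in use; the post's "pop-up clicked OK" weakness is out of scope for this check, since it concerns certificate validation rather than the cipher suite.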
