Fwd: How important is FIPS 140-2 Level 1 cert?

["Saqib Ali" <docbook.xml () gmail com>]

The following excellent post by Karl Levinson appeared on
Security-Basics mailing list:

---------- Forwarded message ----------

FIPS certification is only one of many factors that might indicate how
secure a system will be in actual use, and unless you're in the US
Federal government, it is arguably not one of the most useful things
you should be looking at.

All four FIPS 140-2 levels can mean much the same thing, depending on
what the product and situation are.  All levels appear to have the
same requirements for the strength of the crypto module
implementation, key exchange, etc.  Higher levels reference some
things that you may not care about, such as hardware intrusion
detection / prevention such as seals on the hardware if there is any
hardware, or whether it runs under a NIAP Common Criteria-rated
Operating System.  (NIAP CC being another rating that does not always
translate into a product being "more secure.")  You start seeing what
the various levels test for on page 12 of the following link:

http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf

Like NIAP Common Criteria, FIPS certification is probably expensive
and time consuming for the vendor, so that the products that get it
would tend to be older products from larger, more monolithic
companies, which may not necessarily guarantee you're getting
superlative security.

The FIPS rating does not rate all of the configurations of the device,
but one possible non-default configuration that CAN optionally be
enabled.  So you might end up not using the system in a FIPS-compliant
configuration.  FIPS says nothing about how secure the product is in
the default or most common configuration, or whether the product
performs at an acceptable speed when FIPS-compliant options are used.
As FIPS rates the crypto implementation, it says little to guarantee
that there won't be a significant non-crypto vulnerability in the OS
or the way you implement it that could compromise security.

With MS Windows, for example, you probably don't want to enable
"FIPS-compliant encryption mode," because an older, weaker encryption
algorithm will be used for EFS disk encryption, rather than newer,
stronger but uncertified protocols. Windows is FIPS rated, but that
FIPS rating goes out the window if the OS is compromised because it's
missing a security patch.

Note that people use non-FIPS compliant encryption every day for all
kinds of Internet financial transactions when they use SSL for web
browsing.  If you were able to use a FIPS-certified implementation of
TLS encryption instead, you're still theoretically vulnerable to
man-in-the-middle attacks (a big weakness here being that many
encryption implementations go out the window if a user clicks OK on
the pop-up saying that there may be a problem with the SSL, SMIME, PGP
or SSH certificate).  I'm not sure there's even a web browser that is
FIPS 140-2 certified yet, but that doesn't say much about whether your
browser of choice is or isn't safe.

Bottom line, make sure you know what FIPS certification does and
doesn't guarantee.  I'm not sure I would pay double for a product that
might be less secure than the cheaper solution, depending on how
exactly it's implemented.  But then that also depends on your security
needs and your tolerance for various kinds of risk, so there's no one
universal answer that is true for all.

kind regards,
Karl Levinson
http://securityadmin.info

saqib
http://www.full-disk-encryption.net
_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://lists.immunitysec.com/mailman/listinfo/dailydave