upvote

points

by usui4 hours ago |
comments
upvoteby ongy4 hours ago|
next
[-]
Crypto wise, fips is outdated but not horrible.

Actual fips compliant (certified) gives you confidence in some basic competence of the solution.

Just fips compatible (i.e. picking algos that could be fips compliant) is generally neutral to negative.

I'm not 100% up to date, so that might have changed, but AEAD used to be easier if you don't follow fips than fips compatible. Still possible, but more foot guns due to regulatory lag in techniques.

Overall, IMO the other top-level comment of "only fips if you have pencil pusher benefit" applies.

reply
upvoteby loeg4 hours ago|
prev|
next
[-]
There is no security advantages or technical grounds for using FIPS algorithms in a WireGuard clone instead of Chacha / Blake2. It's purely a compliance move. ChaPoly, Blake2, etc, are not known to be broken and we have every reason to believe they are strong.
reply
upvoteby briandw4 hours ago|
prev|
next
[-]
My limited understanding is that issues like being vulnerable to side channel attacks are very difficult to detect. So you have to have shown that the entire development process is safe. From the code to the compiler to the hardware to the microcode, it all needs to be checked. That said it does seem like compliance is a bigger priority than safety.
reply
upvoteby IncRnd3 hours ago|
prev|
next
[-]
If you're considering whether to use a FIPS 140-3 module for your cryptography, consider that FIPS 140-3 is really only for specific compliance verticals. If you don't know whether you need it, you probably don't need it.

So, along those lines, if you wonder whether a package's cryptography should be FIPS 140-3 compliant, then the real question is whether you are a vertical that needs to be compliant. Again, if you aren't sure, the answer is likely NO.

reply
upvoteby derektank1 hours ago|
parent|
[-]
>Again, if you aren't sure, the answer is likely NO.

Likely no, I agree. But I think there are probably a lot of companies selling enterprise software that later attempt to solicit a FedRAMP authorization that would benefit from planning ahead and building a compliant version from the jump. Worth considering and having a conversation internally.

reply
upvoteby some_furry3 hours ago|
prev|
next
[-]
No.

Getting a crypto module validated by FIPS 140-3 simply lets you sell to the US Government (something something FedRAMP). It doesn't give you better assurance in the actual security of your designs or implementations, just verifies that you're using algorithms the US government has blessed for use in validated modules, in a way that an independent lab has said "LGTM".

You generally want to layer your compliance (FIPS, etc.) with actual assurance practices.

reply
upvoteby alfanick4 hours ago|
prev|
next
[-]
I presume it's a product strategy to provide a box of "compliant" libraries/services, so other companies can quickly tick and sign a checkbox saying "we use compliant VPN", because someone else is going to look whether the checkbox is ticked and signed, because someone else is going to...
reply
upvoteby NewJazz4 hours ago|
parent|
[-]
You failed to answer the question. Why did you reply?
reply
upvoteby tptacek4 hours ago|
prev|
[-]
No, there are not.
reply