2006-07-19 11:40:49
----- Forwarded message from Richard Salz <rsalzus.ibm.com> -----

From: Richard Salz <rsalzus.ibm.com>
Date: Wed, 19 Jul 2006 01:09:12 -0400
To: openssl-devopenssl.org
Cc: jmwoss-institute.org
Subject: Re: FIPS 140-2 Validation Revoked
X-Mailer: Lotus Notes Release 7.0 HF144 February 01, 2006
Reply-To: openssl-devopenssl.org

I wish to make it very clear that in this message I am speaking solely as
an individual, and do not represent my employer or its views in any way at
all.

> We don't know the full story behind this yet, and perhaps never will. As
> John Weathersby noted in the article, "This is not about technology".

This is baloney.

The "boundary" around the formerly-validated code was completely wrong --
a simple analysis showed that code within the "FIPS container" called code
outside the container. A sample program showed how this led to trivial
breaks in security. I have seen a document that had this analysis, and
included a sample program that printed all private keys to the screen and
when asked for random numbers always returned the same value. I know this
document was given to the module authors and the validation lab. The
authors ignored this and also convinced the validation lab to ignore it.
The lab (I'm really glad they're not a subsidiary of my employer any more)
trusted the vendor; had they performed the most basic due diligence --
compile the program! -- they would have seen that the code should not have
passed.  Hell, 'nm fipscanister.o | fgrep U' would have shown it!

There were other problems as well. For example, the DES/3DES self-test did
not test encryption. Even worse, the implementation tested isn't the one
used by the public APIs. (OpenSSL includes multiple DES/3DES
implementations.)

Open source is not magic pixie dust that allows you to ignore basic
reality. The certified code had serious flaws that were known to the
parties involved in certification, yet they went ahead anyway. CMVP did
the right thing.  Can you imagine the damage that could have been done if
either critical systems were built using that code, or if a true enemy of
the open source movement published the sample code after it had widespread
use?

It greatly saddens me to say this, but unless there are significant
changes in the process and/or participants, I will continue to advise
anyone who wants to rely on a FIPS-certified OpenSSL that it is not safe
to do so.
        /r$

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       openssl-devopenssl.org
Automated List Manager                           majordomoopenssl.org

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820            http://www.ativel.com
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
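
The undefined-symbol check that the forwarded message refers to ('nm fipscanister.o | fgrep U'), written out as an added example that is not part of the original thread or of the OpenSSL project. It reads `nm` output and reports every undefined symbol that is not on an explicit allowlist; the sample `nm` output, the symbol names and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example. Input is default-format `nm` output:
#   "<address> <type> <name>" for defined symbols
#   "          U <name>"      for symbols the object expects from elsewhere

# Constructed sample; these names are illustrative and are not taken
# from any real fipscanister.o.
sample_nm_output() {
cat <<'EOF'
0000000000000000 T module_selftest
0000000000000040 T module_encrypt
0000000000000000 D module_state
                 U memcpy
                 U memset
                 U ext_rand_bytes
                 U ext_key_lookup
                 w __gmon_start__
0000000000000090 T UNLOCK_module
EOF
}

# boundary_violations [ALLOWED_SYMBOL...]
# Reads nm output on stdin and prints, sorted, each undefined (type U)
# symbol that is not in the allowlist given as arguments.
# Matching on the type column keeps defined symbols whose names merely
# contain a capital U (UNLOCK_module above) out of the result.
# Weak references (type w/v) are not reported by this check.
boundary_violations() {
    allowed=" $* "
    awk -v allowed="$allowed" '
        # Undefined entries carry no address: two fields, type then name.
        NF == 2 && $1 == "U" && index(allowed, " " $2 " ") == 0 { print $2 }
    ' | sort
}

# check_boundary [ALLOWED_SYMBOL...]
# Exit status 0 only if nothing outside the allowlist is referenced.
check_boundary() {
    violations=$(boundary_violations "$@")
    if [ -z "$violations" ]; then
        return 0
    fi
    printf 'references outside boundary: %s\n' $violations >&2
    return 1
}
```

Against a real object file the input would come from `nm` itself, for example `nm fipscanister.o | check_boundary memcpy memset`, with the allowlist chosen by whoever defines the module boundary.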