Re: [saag] Algorithms/modes requested by users/customers

Jack Lloyd <lloyd@randombit.net> Tue, 19 February 2008 18:10 UTC

Date: Tue, 19 Feb 2008 13:09:24 -0500
From: Jack Lloyd <lloyd@randombit.net>
To: saag@mit.edu
Message-ID: <20080219180923.GE7163@randombit.net>
Mail-Followup-To: saag@mit.edu
References: <p06240804c3de211f0592@[10.20.30.162]> <p06240504c3e09559649c@[192.168.0.102]> <p06240804c3e0ad5d1fa4@[10.20.30.152]>
In-Reply-To: <p06240804c3e0ad5d1fa4@[10.20.30.152]>
X-PGP-Fingerprint: 3F69 2E64 6D92 3BBE E7AE 9258 5C0F 96E8 4EC1 6D6B
X-PGP-Key: http://www.randombit.net/pgpkey.html
User-Agent: Mutt/1.5.11

On Tue, Feb 19, 2008 at 08:18:24AM -0800, Paul Hoffman wrote:

> - Some of the tests are fairly subjective, and it becomes a game of 
> fixing code to please the testing service, not to make the product 
> more secure.
[...]
> - The system introduces silly modes that make the systems more complicated.

I have no experience with the purchasing side, but in my experience
doing FIPS 140 validations, we often had to ask vendors to include
hooks for testing that, from any objective standpoint, made the system
less secure. And because the tests must be made on the same
firmware/software as the as-shipped one (not in a special test/debug
mode), that increased the attack surface of some of these devices
greatly. I will fondly remember the validation where I found several
exploitable buffer overflows in an HSM that had already passed two
previous validations - all the holes were found in the hooks used for
FIPS-140 testing.

The tests that require the RNG be able to be seeded with fixed data
always seemed particularly troublesome/dangerous to me.

Obvious disclaimer: Anecdotes are not data - I just thought a
relatively concrete example might be relevant to the discussion at
hand.

-Jack