Re: [saag] Algorithms/modes requested by users/customers

[pgut001@cs.auckland.ac.nz (Peter Gutmann)]

"Steven M. Bellovin" <smb@cs.columbia.edu> writes:

>FIPS-140 is mostly about assurance of security, and not just correctness of
>the crypto.

Is it about assurance of security, or assurance of production of paperwork
showing the certification conditions have been met?  There have been plenty of
security advisories issued for CC and FIPS-140 evaluated products (and even
more not publicised but silently fixed in a certification-voiding manner).

>Given the really bad mistakes we've all seen -- things that would be caught
>by any decent outside evaluation -- what is the alternative? What is the
>*assurance* a customer has that the product is adequately secured?

Politician's Fallacy again: Is FIPS 140 really the best way to spend your
money?  If FIPS 140 is the answer now, why wasn't the Orange Book the answer
then?  What about giving the money to (picking a random name) Cigital and
saying "make sure this code is OK"?  What about giving the money to Dan
Bernstein and saying "implement this and make it secure"?  What about having
the code written by Germans and pen-tested by the French? [0].  We have no
hard data either way (although I'd put my money on Cigital and Dan to produce
the more secure product :-).  But simply saying "We must use FIPS 140...
just... well, just because!" is hardly a scientific approach to solving the
problem.

Peter.

[0] A very much under-exploited strategy in security evaluation.