Add Kenn White's comments
Opened this issue · 0 comments
from https://infosec.exchange/@kennwhite@mastodon.social/110514196057343913
s
Back
Peter Burkholder
@pburkholder
EN
Is there a compilation anywhere of the downsides to FIPS 140? Like a “FIPS awesome” github repo, but the opposite? (Or do I need to curate that myself?) #fips140
Jun 3 *
Peter Burkholder
@pburkholder
EN
Still working on this, and also would dig "#fips140 saved my bacon" examples.
Apparently I'm supposed to ping @kennwhite on this topic 👋
Jun 8
Kenn White
@kennwhite@mastodon.social
EN
@pburkholder you tracked me down over here to ask about a twitter rant from 2 years ago? Uh, sure. But you're framing it as a pros/cons on FIPS, like asking: "Drivers licenses. For or against?" If you're in the commercial or federal space, it's really not a question. You have to use FIPS. Which, in current practice, is actively harmful to security.
Jun 9 *
Peter Burkholder
@pburkholder
EN
@kennwhite Thanks for replying & sorry to have raised this again. I can't see your replies to https://twitter.com/pburkholder/status/1438619437859487744 -- would you be able to follow me so I can take notes this time?
Peter Burkholder on Twitter
Twitter
Jun 9
Kenn White
@kennwhite@mastodon.social
@pburkholder that account is locked and dormant. But to your question, it reduces to: whatever good intentions the people in USG had at one time for FIPS, like everything in regulation & law, its interpretation and practice now years later is handled by subcontractors, 3rd parties, and a lot of predatory weasels whose only goal is maximum financial gain. It's actively harmful. But if you want some of the specifics from a consumer/practitioner of the regs, then get some coffee and strap in.
Jun 09, 2023, 08:13 · Edited Jun 09, 08:17 · ·
0
·
2
Kenn White
@kennwhite@mastodon.social
EN
@pburkholder so, a few preliminaries. At first blush, it would seem like an obvious thing, right? The notion that some well-defined public standard can provide some assurances of correctly implemented cryptography means that software with that seal of approval must be more secure, no? I mean, isn't that what we all want -- better internet, platform, and network security? And I agree, all those things would be great, except that's not what happens.
Jun 9
Kenn White
@kennwhite@mastodon.social
EN
@pburkholder Instead, what happens is that anyone who wants to implement FIPS validated software (strictly speaking, a validated cryptographic module that's followed the CMVP process), you're now faced with a 2-4 year long project that will cost you $50-250K+ (maybe "only" $35K if you're using software like OpenSSL that's ALREADY been certified and you just need a "white label" validation). And that's assuming that NIST doesn't have an additional 2 year backlog as they did until late last year.
Jun 9 *
Kenn White
@kennwhite@mastodon.social
EN
@pburkholder So, let's say you set aside your own staff's time for the next 36 months, fork over the giant check, and start to work with the accredited testing lab. In the first meeting, these fine folks (and for the most part, they really are) will sit you down and explain that none of what you're doing is guaranteed, so even if the documentation is in order, the software passes the tests, meets the benchmarks, etc, you're not assured of becoming certified. But it gets better.
Jun 9
Kenn White
@kennwhite@mastodon.social
EN
@pburkholder There are myriad reasons, often completely outside your control which can stop a certification in its tracks. But let's ignore all that and assume you don't stay on the "In Progress" limbo chart until you die. Now you have your freshly minted NIST cert, and present that to whatever agency or customer or user (and don't think strictly US Gov - think Cisco, Verizon, hell, Pizza Hut; payment systems are a thing) you'd like to work with. But their "security guy" or auditor says nope.
Jun 9 *
Kenn White
@kennwhite@mastodon.social
EN
@pburkholder Sometimes they say this because "cloud" (one rarely discussed open secret in the field: with extraordinarily rare exception, FIPS is a hardware-based framework; hypervisor guests/containers/microVMs are unanticipated annoyances to most testing labs) and short of the hyperscaler's own infra certs - think Boring, AML2 OSSL -- how can you really be sure your software will perform as tested? And god help you if you have a kernel module. Now your boundary just became the whole kernel.
Jun 9 *
Kenn White
@kennwhite@mastodon.social
EN
@pburkholder But, fine, let's even put all that aside. Let's talk about the crypto itself. If you've not seen it, take a look at Google's BoringSSL FIPS docs and all the things they had to break/turn off to meet the self-test bootstrap requirements. Like ASLR ffs. And how about routine patching? Oh, your key exchange module had a minor race condition and you need to make a minor patch? F you, don't touch it or your validation is shot.
Jun 9 *
Kenn White
@kennwhite@mastodon.social
EN
@pburkholder There are other issues as well - FIPS lags years behind industry advances in crypto, and regulators have only barely even started to think about PQ. Further, it's been, what? 8+ years and I think ChaCha20/Poly1305 are still not allowed, but if you disable them, I don't know how you're fully complying with TLS 1.3.
Jun 9 *
Kenn White
@kennwhite@mastodon.social
EN
@pburkholder Anyway, I'll stop there to sum up: FIPS isn't about security, it's about a very narrow, niche crypto "correctness" check which is laughably out of date by most cryptographer's standards. Its implementation has encouraged EOL unpatched insecure code in the world and it has given rise to an entire bloated industry whose only real effect has been to absolutely strangle innovation and rent-seek any small players or stop independent developers from even trying to do the right thing. /fin
Jun 9
baerwitness
@baerwitness
EN
@kennwhite @pburkholder this is the best thing I've ever read on social media. Thank you, Kenn!
Jun 9
Kenn White
@kennwhite@mastodon.social
EN
@baerwitness @pburkholder ha. Glad to be of assistance.
Jun 9
baerwitness
@baerwitness
EN
@kennwhite @pburkholder as someone who lives in the Federal compliance world, it's so refresh