top | item 44577291

(no title)

dlock17 | 7 months ago

I may be thinking more about FedRAMP in general rather than just FIPS140-3, but mandating things like keeping user passwords out of logs is a security improvement.

And the average company needs to be dragged kicking and screaming to care about security at all.

discuss

thayne|7 months ago

> but mandating things like keeping user passwords out of logs is a security improvement.

That has nothing to do with FIPS 140.

FIPS 140 is just requirements for "cryptographic modules".

It specifies which algorithms are allowed and requires that you use modules that have been "validated" by going through an expensive and slow auditing process.

While I don't think it is completely useless to have those requirements, it has some problems, such as:

- it takes a very long time for anything to get validated. For example, Ubuntu 22.04 only recently got its crypto packages validated after being "in process" for years.

- bug fixes have to go through the validation process too, so if a vulnerability is found, you can be left vulnerable for a while

- For many languages and runtimes, using FIPS certified modules is a royal pain. For example, for several versions of node, there was no good way to run it in a FIPS compatible way, because it required a newer version of openssl than the latest FIPS certified version. AWS lambdas, even in GovCloud don't include FIPS certified crypto, so you have to bundle it in your package and make sure to use your local library instead of the system library, which can be quite difficult depending on the language. Prior to this change in go, using FIPS in go required using cgo to link to a FIPS certified c library, and make sure you either did some fancy link magic to get any libraries you used to also use that, or don't use any libraries that use the standard crypto library.

- It doesn't include many algorithms that are widely used and generally considered secure including Ed25519, chacha20-poly1305, argon (along scrypt, bcrypt, etc.), etc. This can cause problems with compatibility with other systems.

__bjoernd|7 months ago

Luckily, FedRAMP have updated their FIPS guidance just this year to allow using crypto modules that have been validated and then received security patches. They realized that security patching is important and you don't need to recertify every patch before using it anymore.

https://www.fedramp.gov/rev5/fips/

dchest|7 months ago

FYI, Ed25519 is now included.

tptacek|7 months ago

This is about exclusively using "validated" implementations of specific cryptographic constructions. You can avoid it simply by not encrypting stuff at all, which is an indication of how little it has to do with security.

hamandcheese|7 months ago

> You can avoid it simply by not encrypting stuff at all, which is an indication of how little it has to do with security.

The consequences of encrypting wrongly quite possibly are worse than if you never encrypted at all.

tguvot|7 months ago

fedramp requires to encrypt a bunch of stuff

Spooky23|7 months ago

FedRAMP is more a cheatsheet for compliance people. Someone in a federal agency had an auditor validate that the required NIST controls were done.

The most useful thing about FIPS 140 is that it’s a great way of quickly identifying clueless security people.

jandrewrogers|7 months ago

This has relatively little to do with actual security. It is compliance and certification theater for the most part. In many cases you can avoid it entirely by outsourcing caring about it to the customer. This isn’t always a bad thing; sometimes they understand and can deliver on their requirements much better than you can.