Not clear as to the intent of providing this information as algorithms are not products which can be used in the real world once certified. Cryptographic modules use these algorithms … but until the module using the algorithm is certified, the knowledge that the 'idea' or algorithm being used in the module is of dubious value. This is like certifying the tread design on a tire while the tire remains uncertified and unusable until the tire itself is certified for use on the highway.
For racing fans, there may be value. It perhaps announces that the certification of the cryptographic module is closer to the potential finish line. Looking at the time between when an algorithm is certified to when the containing module is certified gives an idea of the range of time it takes to get the module (tire) on the 'information super highway' once the algorithm (tread design) is certified.
For example, see on the algorithm certification page #1400, "Apple FIPS Cryptographic Module Version 1.0". The algorithm was certified 6/14/2010. Then cross-reference the FIPS certification #1514 for "Apple FIPS Cryptographic Module Version 1.0" certified on 03/09/2011 (links below). This is roughly 9 months from certification of the algorithm to certification of the module. The period between algorithm cert and module cert seems to be between 5 and 11 months based upon a random sampling.
Random Samples
- PGP, algorithm cert #1170 on 9/15/2009, module cert #1325 on 06/22/2010, 9 months.
- Kingston Memory, algorithm cert #1191 on 10/9/2009, module cert #1306 on 06/01/2010, 9 months.
- G4S Technology, algorithm cert #1314 on 4/13/2010, module cert #1407 on 09/15/2010, 5 months.
- SafeNet, algorithm cert #1315 on 4/13/2010, module cert #1498 on 04/01/2011, 11 months.
- Patrick Townsend Security Solutions, algorithm cert #1338 on 5/10/2010, module cert #1449 on 11/15/2010, 7 months.
Links:
- Algorithm Certification
- Cryptographic Module Certification (the 140-2 cert)
Given that it is published by NIST leads one to believe that the algorithm certification list is an authoritative answer to something… just not clear as to what.
(my 13 yr old daughter, who was interested for some strange reason, offers it is for 'punking' people… government humor? :-D )
Best, Wm. Cerniuk
On Oct 7, 2011, at 10:13 PM, Rowland, Carolyn D. wrote:
You are correct. Algorithm validation and cryptographic module validation are separate. To be "FIPS 140-2 validated", it must be the cryptographic module that is certified.
So we wait a while longer...
Carolyn (I'm not associated with the cryptographic module validation program at NIST)
--
Carolyn Rowland
Computer Scientist, NIST
Not so fast. These algorithms were validated on 6/7/2011. This doesn't mean they have FIPS approval, http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140InProcess.pdf http://csrc.nist.gov/groups/STM/cmvp/inprocess.html. Shawn might expand on this but from what I remember him telling me, the algorithms are the first step. The next step is incorporating all of them into the iOS package and getting approval for everything.
If you review the link I sent, you'll see that iPad and iPhone FIPS cryptographic module has been rejoined by Apple FIPS cryptographic module. Hopefully this means the new module for Lion has been submitted for approval.
On Oct 7, 2011, at 5:53 PM, William Cerniuk wrote:
Peter Link
Cyber Security Analyst
Cyber Security Program
Lawrence Livermore National Laboratory
PO Box 808, L-315
Livermore, CA 94550
email@hidden