Re: [Fed-Talk] The Joys of FIPS


  • Subject: Re: [Fed-Talk] The Joys of FIPS
  • From: "Shawn A. Geddis" <email@hidden>
  • Date: Fri, 20 Sep 2013 11:12:55 -0700

On Sep 19, 2013, at 5:23 PM, Todd Heberlein <email@hidden> wrote:
Somewhat outside of Apple’s wheelhouse, but lots of emails have come across this list discussing Apple getting FIPS approval. I thought that made this article somewhat interesting.  Maybe FIPS will be seen as a drawback now for some Apple markets (like Apple’s 2nd biggest market). :-\

(NOTE: As far as I know, the so-called “backdoor” is still only hypothetical)

(NOTE 2: I added the underline in the quote below)

Stop using NSA-influenced code in our products, RSA tells customers
http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/

Officials from RSA Security are advising customers of the company's BSAFE toolkit and Data Protection Manager to stop using a crucial cryptography component in the products that was recently revealed to contain a backdoor engineered by the National Security Agency.

The BSAFE library is used to implement cryptographic functions into products, including at least some versions of the McAfee Firewall Enterprise Control Center, according to NIST certifications.

McAfee representatives issued a statement that confirmed the McAfee Firewall Enterprise Control Center 5.3.1 supported the Dual_EC_DRBG, but only when deployed in federal government or government contractor customer environments, where this FIPS certification has recommended it.

Todd,

What is the connection you are trying to draw with respect to Apple’s Cryptography and FIPS 140-2 Module Validation?
The modules neither use BSAFE nor Dual_EC_DRBG and none of the source code was influenced by any government agency.

- Shawn
________________________________________
Shawn Geddis   
Security Consulting Engineer 
 Apple Enterprise Division

