Is your Web site FIPS compliant?

I’ve been involved in a lot of FIPS-compliance Web site testing lately. I’m a crypto hobbyist, not a crypto expert, so I hesitate to write about it, but I’ll explain the basics as well as I understand them. Crypto experts, please write in if I messed up something important.

[ RogerGrimes's column is now a blog! Get the latest IT security news from the Security Adviser blog. ]

FIPS stands for the Federal Information Processing Standard, essentially a series of standards and mandates for U.S. government agencies and supporting contractors. In many cases, if your product or service is not FIPS compliant/certified, the government can’t use it. The FIPS documents are so respected that many other countries mandate them as well or have incorporated the bulk of their guidance into international standards.

There are many FIPS mandates, but the public pronouncements most Web site administrators care about is FIPS 140, which approves various cryptographic ciphers for hashing, signature, key exchange, and encryption purposes. FIPS 140-1 was approved in January 1994 and included the 64-/56-bit Data Encryption Standard (DES), which has since been removed as supported cipher. FIPS 140-2 was released in May 2001 and includes all the current approved ciphers, including the ones listed below:

Symmetric ciphers

AES
3DES
Skipjack/KEA (EES)

Asymmetric Key-Signature

DSA
RSA
ECDSA
MAC
3DES

Hashes

SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512

(Taken from "Annex A: Approved Security Functions for FIPS PUB 140-2, Security Requirements for Cryptographic Modules")

It surprises many people to learn that Triple-DES (3DES) is still FIPS compliant; it is and will be for many more years. FIPS 140-3, the latest version, is currently under review and should be approved in 2009. Windows XP (RTM to SP2) is FIPS 140-1 certified. Windows Server 2003 and later, Vista, and Windows Server 2008, are FIPS 140-2 certified. The original ciphers supported in Windows XP were grandfathered to FIPS 140-2. A few ciphers were added or updated in Windows XP SP3, so XP SP3 has to be recertified, even though the ciphers are the same ones approved in Vista and Windows Server 2008. You can read the current status of any FIPS-certified product by going to this Web site; just search on your vendor’s name.

Additionally, the National Security Agency is pushing a new cipher requirement standard known as Suite B. It calls for many FIPS 140-2 ciphers, but it adds a few of its own (such as Elliptical Curve Cryptography) and specifies minimum key sizes. Windows Vista and Windows Server 2008 and later support Suite B ciphers. I’m not sure what distributions of Linux and other operating systems support Suite B, but it can be inquired of each OS vendor.