Slashdot Mirror
OpenSSL Revalidated Following Suspension
lisah writes "Despite what looks like an organized effort to prevent it, OpenSSL has been revalidated by an independent testing agency for its ability to securely manage sensitive data and is ready for use by governmental agencies like the Department of Defense. According to the Open Source Software Institute, who has been overseeing the validation process for the last five years (something that typically only takes a few months), it seems that the idea of an open source SSL toolkit didn't sit right with proprietary vendors of similar products. A FUD campaign was launched against OpenSSL that resulted in a temporary suspension of its validation. Developers and volunteers refused to give up the ghost until the validation was reinstated, and Linux.com has the story of the project's long road to success." Linux.com and Slashdot are both owned by OSTG.
How does that make validation meaningless? That you can write an insecure app no matter the toolkit is irrelevant. What's relevant is that cannot write a secure app with an insecure toolkit.
Sure you could, *if* you knew exactly what the insecurities were and worked around them.
I don't need no instructions to know how to rock!!!!
And of course, any moron can "write an insecure application" using any tools. Writing a secure application, OTOH . . .
Given that I'm doing NIST certification right now, I can assure you it's meaningless. They basically throw a bunch of vectors at you, you reply, if you get it right they give you a cert # and list you on some website.
The only reason ANYONE does this is so they can get on that website. Getting a compliant AES routine isn't hard. There are dozens of implementation under BSD, MIT, GPL, and various other FLOSS [including public domain]. That you picked an AESVS certified implementation doesn't mean you're application is "better".
In fact, AESVS does not mandate any implementation details other than it outputs the right ciphertext.
The FIPS-140 series are a bit diff, but overall it's still a meaningless gesture.
Tom
Someday, I'll have a real sig.
Well, it's not necessarily "meaningless." It would be great to see more governmental agencies choosing open source options but, from what I understand, when it comes to managing sensitive data, only software that is tested and proven to be reliable and secure can be used -- hence OpenSSL's validation process. Sure, it's important to use the tools wisely but, without the FIPS validation, this open source tool can't be used by the government in the first place.
I can't get idea support, and the other proprietary algo's to compile right in 0.9.8, and they stop me from running the commercial NX server - need to use 0.9.7.
./configure --with-idea , and all that, like it should. Anybody know anything weird about 0.9.7 vs 0.9.8, or if it's fixed/changed in 0.9.9?
I use gentoo, but was playing with the ebuild by hand and it didn't seem to just be a gentoo problem. It was
I don't need no instructions to know how to rock!!!!
What?
No, as in my company is doing the test so we can get a cert and listed on the perdy website. We've already done it for our hardware crypto, this time around it's the software crypto.
I think you don't actually know what goes on in validation. Because if you had the slightest clue you'd just say "so what?"
Tom
Someday, I'll have a real sig.
Validation exists for a reason. If you feel the criteria are too lax, you should be lobbying to have them tightened, not proclaiming "oh, well. C'est la vie!".
Then again, perhaps you have a vested interest in denigrating the validation process - by your own declaration, you have non-validated code ostensibly running where it shouldn't be? How much do you stand to lose here if government entities start aligning theory and practice?
While I'm sure that we all feel outraged about the hook of "proprietary vendors trying to shut out opensource," there's nothing unusual here.
A vendor wants to sell a product which requires to be certified to meet certain standards. Once they're selling their product, someone else comes out with a competing product. Vendor tells everyone that the other product isn't as good as theirs, and shouldn't be allowed in the market. Vendor's claims about the other product are investigated, and found to be invalid.
This happens ALL THE TIME, and really doesn't have a lot to do with OpenSSL being open source.
Validation is meaningless.
Is the government allowed to use OpenSSL if it is not validated?
If not, then I don't think the word "meaningless" means what you think it means.
FTA:
Since all of OpenSSL's source code has passed the testing process, now developers can focus on compiling binary libraries and submitting those for validation
Someone please explain to me why binaries aren't good enough for the first review, then later they are? Who says the new source code is "secure"?
Why didn't they require source code review for vendor products?
I hold it, that a little rebellion, now and then, is a good thing. -- Thomas Jefferson
>It would just confirm my estimate of the IQ of the average civil-servant! (with apologies to all three of those civil servants out there with IQ's > 80)
I believe you have "the average civil servant" confused with "the average civil servant's manager."
You can't talk about Wikipedia's flaws on Wikipedia
My projects are public domain. I stand to lose nothing if they stopped using them.
Note I should have been clearer. I said they use them, I didn't mean specifically they end up in actual fielded projects (because I don't know about the latter). But logically from the logs and support emails I get from various organizations they're at least using it for something. I do know that some folk at NIST used the projects testing CCM implementations. Heard that from former employees.
Point is, non-validated code is used to do work.
Tom
Someday, I'll have a real sig.
Not every goverment application requires the same level of validation or security. Not everything they do is secret - in fact, most of what they do is not secret.
How much security do you think your local municipalities roads department needs? I'm sure they keep track of what roads got plowed, and salted, and when. I wouldnt think that would be something they need under fort knox level security.
You can reply with "what if a hacker said dont plow this road then it got real icy and a car crashed and the TERRORISTS WIN", but the fact is, they would hardly give any thought to that scenario, they would have no problem sending updates to the database in cleartext over a wifi link secured with nothing more than WEP. In fact, the key is probably something like 1A2B3C4D5E. The database would exist as a work log - people still do their jobs in the real world.
Hell, maybe some guy wrote that little database 10 years ago, and its still running on a windows 3.1 box in a back room. I saw a dos terminal in the post office, I see ancient hardware still performing its duties every day.
I don't need no instructions to know how to rock!!!!
Was this also sponsored by microsoft or was it some other biggie this time?
Oh wait, there are no other hostile biggies.
1. FIPS 140 validations taking a long time is not unusual.
2. OpenSSL was validated as *source*. All other FIPS 140 validations are of *object code* or devices. This is the first cryptomodule to be validated in source form and contributed to the time taken to validate.
3. The OpenSSL original cert was suspended because there was a small bit crypto code that resided outside the security boundary. Confusion between sponsor, lab, and NIST contributed to the suspension. See #2.
4. Claims of vendor FUD are overblown. NSS, another Open Source cryptomodule, already has FIPS 140-1 certification (for version 3.6; 3.11 will be entering FIPS 140-2 eval soon).
-- Cerebus
From the Too-much-information-for-those-who-do-not-wish-to- hear-it file:
c tsheet2.pdf
The DoD policy which requires the FIPS validation process for programs such as OpenSSL is the National Security Telecommunication and Information Systems Security Policy Number 11 (NSTISSP No. 11). Overview can be found here: http://www.enpointe.com/security/pdf/nstissp11_fa
In short, it states that for govt/DoD to purchase/acquire any Information Assurance (IA) or IA-enabled products, they must pass through the appropriate validation process (Federal Information Processing Standards-FIPS, or Common Criteria-CC).
On a technical side, the validation process only verifies that the product performs as designed/advertised. It simply verifies or validates the products claims.
From an acquisition/implementation side, it is critically important because it is "required" if a product is to used within specified DoD systems. It is the check in the box which even allows a product to be openly considered within these stringent environments.
Does this mean that there are such programs running inside DoD/govt environments which have not gone through such validation efforts...sure there are. Until now, OpenSSL was one of those products.
But, to promote and encourage the open adoption of open source programs, such as OpenSSL or Linux (of which both RH and SuSE have passed through CC), then they must pass through the same tests as other similar (most of the time proprietary) product offerings. We (in the Open Source Community) talk about wanting a "level playing field," well this is part of that process of achieving it. A level playing field is a two-edged sword, so if that's what you want, which we do, then you've got to take the challenges along with the opportunities. Those are the rules.
regards,
jmw
"We called it the FUD campaign," he says. "There were all kinds of complaints sent to the CMVP including one about 'Commie code.'"
'While OSSI was not able to review each complaint the CMVP received, the ones they did see often contained redacted, or blacked-out, data about who had filed the complaint. Some documents, however, did reveal the complainant information, and Weathersby says that is how the OSSI became aware that, in some cases, proprietary software vendors were lodging the complaints'
davecb5620@gmail.com
How much security do you think your local municipalities roads department needs?
If road departments are anything like they are in my city, the dates when a particular section of road is coned off for resurfacing seems to be on a level of "for eyes only".
We never see the constructing crews arriving. My neighbour is convinced the road crews materialise out of a higher dimension or burrow out of the hole they are repairing in an explosion of dirt, traffic cones, workers huts and heavy duty industrial machinery.
Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
What good would it do you if the AES implementation was just *wrong*? Or if the crypto library processes the key in unprotected memory?
That's what validation gets you.
-- Cerebus
This is an excellent example of how large and deep the cesspool is in government contracting.
The competitors intentionally draw out the certification process for the newcomer to literally exhauste them and drive the competition away. This is just one relatively small library/suite of applications. (albeit critical)
For any of you entrepreneurial developers thinking they're onto the the next great thing that gov'ts will buy, please consider this story carefully. A long career at the top of an agency you wish to pursue (nepotism) and a massive bankroll are material requirements to get any money out of gov't contracting.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html
If OpenSSL is validated in both binary and source form while proprietary implementations of SSL are only validated as binaries, one could reasonably conclude that proprietary versions are not really fully validated.
Certainly once validity of visible source code is established it should be possible to relatively easily continue to demonstrate validity of that code. Meanwhile in the case of proprietary versions it is possible to make source changes that change the behavior of binary product in ways difficult to predict or identify.
Thus it would seem that OpenSSL's "validity" is something to which we can ascribe higher confidence than proprietary products.
If indeed this FUD campaign was intended to erode confidence in OpenSSL it seems a matter of debate about whether the effort has backfired.
So if (as the sensationalist headline proclaims) "the idea of an open source SSL toolkit didn't sit right with proprietary vendors of similar products." They've had 5 years to get over it.
I wrote a valid implementation of SHA-1 and AES in JASS (scripting language of Warcraft III) just to see how poor the integer arithmatic was. It was poor. (I had to code my own bitwise functions too, which really hurt. None are standard!)
It seems to have cost over US$ 120,000 (by 2006) to certify, not including volunteer hours:
e rs/browse_frm/thread/7aa07e7a6ba9bbe8/d3c4113f0a49 998a?lnk=st&q=cost+FIPS+certification&rnum=3&hl=en #d3c4113f0a49998a
http://groups.google.com/group/mailing.openssl.us
OSS code is there to be used, the possibility of making dosh enough to pay for validation is unlikely. So put it through FIPS/CC for nowt.
Where companies have a product made of OSS, they can afford to have *their* *specific* implementation ratified as well, with the advantage that given its' provenance, there is less repeat work.
While it costs to certify, there won't be a level playing field.
If the article is accurate then this process seems to be political in nature and not security oriented. What would it matter if a commie wrote it if it was secure? If the software needs to pass certification by answering questions like "Does the programmers mother wears army boots?" or "What are your political beliefs?" then the process is more of a scam to keep the "IN FOLK" in and all others out. It is very easy to throw out allegations when you can hide behind a veil of secrecy. I would not sleep any better knowing that the main interest in security certification being profit for the "IN FOLK". The certification becomes meaningless from a security point of view.
One last question... aren't the commies our friends and the arabs our enemies? or is it not PC to ask? I have trouble figuring out who to hate.
DRM? No thanks, I'll just get it somewhere else...
Operating System likes to implement their open message digest command ( if they provide one at all ). If your system is missing a digest command, you can use the openssl utility to generate one-time hashes. OpenSSL supports the SHA1, MD5 and RIPEMD160 algorithms, and accepts one or more files as arguments
My point was the deep pockets competitors abuse the process to get their desired result: No new competition.
http://www.maxineudall.com/2010/02/should-economists-be-sued-for-malpractice.html