Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: Can We Still Trust FIPS?

Posted by timothy on from the just-slide-it-under-my-door dept.

First time accepted submitter someSnarkyBastard writes "It has already been widely reported that the NSA has subverted several major encryption standards but I have not seen any mention of how this affects the FIPS 140-2 standard. Can we still trust these cyphers? They have been cleared for use by the US Government for Top-Secret clearance documents; surely the government wouldn't backdoor itself right?...Right?"

3 of 138 comments (clear)

  1. How can anyone trust by i+kan+reed · · Score: 4, Interesting

    How could anyone trust an encryption algorithm provided by an organization whose purpose is decryption and interception? That will always be the craziest part.

  2. TS is not SCI by Anonymous Coward · · Score: 5, Interesting

    "Up to Top Secret" does not include Sensitive Compartmented Information (SCI). The ciphers under discussion, backdoored or not, are not suitable for use on SCI.

  3. FIPS is not for Top Secret by Anonymous Coward · · Score: 4, Interesting

    The FIPS 140-2 standard is for "protecting sensitive but unclassified information". It is not for top secret. Also the body of the FIPS 140-2 standard is algorithm agnostic. The part that mandates specific algorithms is Annex A and can be updated to add and remove algorithms without changing the standard.

    In terms of how bad the situation actually is.... I refer to Bruce:
    The math is good, but math has no agency. Code has agency, and the code has been subverted.