FIPS testing finds numerous crypto errors

About half of the cryptographic modules submitted for Federal Information Processing Standard validation have security flaws, a National Institute of Standards and Technology survey has found.

Almost all the evaluated products had documentation errors, said Annabelle Lee, director of NIST's Cryptographic Module Validation Program. Speaking recently at the Federal Information Assurance Conference at the University of Maryland, Lee said 80 of 164 crypto modules evaluated had flaws involving physical security, random number generation or key management. Of 332 algorithms validated, 88 had security flaws, and about two-thirds had documentation errors.

Federal organizations are required to use FIPS-compliant crypto products for sensitive but unclassified data.

About the Author

William Jackson is freelance writer and the author of the CyberEye blog.

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above