FIPS testing finds numerous crypto errors

About half of the cryptographic modules submitted for Federal Information Processing Standard validation have security flaws, a National Institute of Standards and Technology survey has found.

Almost all the evaluated products had documentation errors, said Annabelle Lee, director of NIST's Cryptographic Module Validation Program. Speaking recently at the Federal Information Assurance Conference at the University of Maryland, Lee said 80 of 164 crypto modules evaluated had flaws involving physical security, random number generation or key management. Of 332 algorithms validated, 88 had security flaws, and about two-thirds had documentation errors.

Federal organizations are required to use FIPS-compliant crypto products for sensitive but unclassified data.

About the Author

William Jackson is a Maryland-based freelance writer.

inside gcn

  • When cybersecurity capabilities are paid for, but untapped

Reader Comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group