Crypto standard up for review

Federal Information Processing Standard 140-3 is open for review

The latest version of the Federal Information Processing Standard for cryptographic modules (intended, among other things, to add protection for smart cards) has been released for comment by the National Institute of Standards and Technology.

Comments on the FIPS 140-3 draft are due by Oct. 11.

The current standard, FIPS 140-2, grew out of Federal Standard 1027, General Security Requirements for Equipment, which used the now-outdated Data Encryption Standard. FIPS 140-1 was issued in 1994 with a requirement that it be reviewed every five years. The review and revision process can take several years, and FIPS 140-2 was approved in 2001.

The third iteration contains the updates and clarifications that every maturing standard undergoes, but it also tackles a problem of growing concern: power analysis attacks, in which a hacker reads the power fluctuations in a working smart-card cryptographic module to crack its code.

Power analysis was a relatively new technique for cracking codes in single-chip processors when FIPS 140-2 was approved, said Stan Kladko, director of the FIPS validation lab at BKP Security Labs.

Today, though, 'this is one of the bread-and-butter attacks,' said Paul Kocher, president at Cryptography Research.

'We looked at this back when 140-2 was developed,' said Ray Snouffer, manager of NIST's security testing and metrics group. 'We understand it a little better now.'

Written comments may be sent to: Chief, Computer Security Division, Information Technology Laboratory, Attention: Dr. Allen Roginsky, 100 Bureau Drive - Stop 8930, National Institute of Standards and Technology, Gaithersburg, MD 20899-8930. Electronic comments may be sent to: [email protected]

Comments will be published at 140-3htm.

About the Author

William Jackson is a Maryland-based freelance writer.

