3 FIPS Cryptography Compliance Properties That You Can't Check Statically


References:
1. FIPS cheat sheet - https://cryptosense.com/datasheets/fi...
2. Cryptosense Analyzer - https://cryptosense.com/analyzer
3. Why Does Cryptographic Software Fail? - http://people.csail.mit.edu/nickolai/...
4. RSA keys shall only be used for one scheme, section 5.1 of DSS NIST 186-4 https://www.nist.gov/publications/dig...
5. IV requirements, e.g. Appendix C of https://nvlpubs.nist.gov/nistpubs/Leg...
6. Salt Requirements for PBKDF, Section 5.1 of https://nvlpubs.nist.gov/nistpubs/Leg...

Achieving FIPS compliance for applications is more complex than simply using a FIPS-validated cryptography library. In this video we explain why some aspects of FIPS cryptography compliance can't be checked statically, including ensuring that each RSA key is used for only one thing, getting initialization vectors right, and using salt values for password-based key derivation.
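All three properties depend on values that exist only at run time (which key object reaches which call, the actual IV and salt bytes), so they have to be checked against a record of executed calls. The sketch below is an added example, not code from the video or from Cryptosense Analyzer; the event format, key ids and sample trace are hypothetical, and the IV check is simplified to "no repeated (key, IV) pair".

```python
from collections import defaultdict

MIN_SALT_BYTES = 16  # 128-bit random salt minimum, SP 800-132 section 5.1


def check_trace(events):
    """Return findings for a list of recorded crypto calls (hypothetical format)."""
    findings = []
    rsa_schemes = defaultdict(set)  # key_id -> set of schemes the key was used with
    seen_ivs = set()                # (key_id, iv) pairs already observed
    seen_salts = set()              # salts already passed to PBKDF2

    for n, ev in enumerate(events):
        if ev["op"] == "rsa":
            rsa_schemes[ev["key_id"]].add(ev["scheme"])
        elif ev["op"] == "encrypt":
            pair = (ev["key_id"], ev["iv"])
            if pair in seen_ivs:  # same IV under the same key
                findings.append(("iv-reuse", ev["key_id"], n))
            seen_ivs.add(pair)
        elif ev["op"] == "pbkdf2":
            salt = ev["salt"]
            if len(salt) < MIN_SALT_BYTES:
                findings.append(("salt-too-short", len(salt), n))
            if salt in seen_salts:  # a repeated salt was not freshly generated
                findings.append(("salt-reuse", salt.hex(), n))
            seen_salts.add(salt)

    # One RSA key must serve one scheme only (FIPS 186-4 section 5.1).
    for key_id, schemes in sorted(rsa_schemes.items()):
        if len(schemes) > 1:
            findings.append(("rsa-key-multi-scheme", key_id, sorted(schemes)))
    return findings


# Constructed sample trace: every value here is made up for illustration.
SAMPLE_TRACE = [
    {"op": "rsa", "key_id": "rsa-1", "scheme": "RSASSA-PKCS1-v1_5"},
    {"op": "rsa", "key_id": "rsa-1", "scheme": "RSAES-OAEP"},
    {"op": "rsa", "key_id": "rsa-2", "scheme": "RSASSA-PSS"},
    {"op": "encrypt", "key_id": "aes-1", "iv": bytes(12)},
    {"op": "encrypt", "key_id": "aes-1", "iv": bytes(12)},
    {"op": "encrypt", "key_id": "aes-2", "iv": bytes(12)},
    {"op": "pbkdf2", "salt": b"static"},
    {"op": "pbkdf2", "salt": bytes.fromhex("00112233445566778899aabbccddeeff")},
    {"op": "pbkdf2", "salt": bytes.fromhex("00112233445566778899aabbccddeeff")},
]

if __name__ == "__main__":
    for finding in check_trace(SAMPLE_TRACE):
        print(finding)
```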

Find out more about Cryptosense: https://cryptosense.com/

Cryptosense CEO Dr. Graham Steel was an academic researcher before founding Cryptosense in 2013. His cryptography expertise is the basis for the company's 'Analyzer' technology, which allows customers to protect themselves against losing sensitive data.
