Last time I was dealing with FIPS for software cryptography it was a typical government-enforced joke, accomplishing nothing but ticking boxes, some of which were plain wrong, and some some outdated that it was laughable. The certification was costly, and every modification of a single line of code of core crypto algorithms would require re-validating the whole thing, which meant we had to bind to some super-old openssl bindings and jump hoops around it to avoid having to re-validate stuff.
In practice it meant that the FIPS-mode was actually running some older, probably less secure code than the non-FIPS mode, which just used the up to date openssl/crypto.
Now - we had to do it one way or another, because it’s required for certain government applications, but I’m still curious - did I got a wrong impression / things changed? Is that the goal here? Some products based on Rust be able to sell to the US gov and alikes and some big-biz creds? Or are they going to be some other benefits?
Anyway, this is not to say it’s not a worthy goal, just curious.
The part about rewriting rest of C to Rust sounds awesome BTW. I remember the last post of the author talking about “Rust should be able to use crypto entirely in Rust” and I agree wholeheartedly, and I’m grateful for all the existing and future work on Ring.
Take it with a grain of salt but…
Last time I was dealing with FIPS for software cryptography it was a typical government-enforced joke, accomplishing nothing but ticking boxes, some of which were plain wrong, and some some outdated that it was laughable. The certification was costly, and every modification of a single line of code of core crypto algorithms would require re-validating the whole thing, which meant we had to bind to some super-old openssl bindings and jump hoops around it to avoid having to re-validate stuff.
In practice it meant that the FIPS-mode was actually running some older, probably less secure code than the non-FIPS mode, which just used the up to date openssl/crypto.
Now - we had to do it one way or another, because it’s required for certain government applications, but I’m still curious - did I got a wrong impression / things changed? Is that the goal here? Some products based on Rust be able to sell to the US gov and alikes and some big-biz creds? Or are they going to be some other benefits?
Anyway, this is not to say it’s not a worthy goal, just curious.
The part about rewriting rest of C to Rust sounds awesome BTW. I remember the last post of the author talking about “Rust should be able to use crypto entirely in Rust” and I agree wholeheartedly, and I’m grateful for all the existing and future work on Ring.