PDA

View Full Version : Fips ?



MOP
12-18-2005, 12:31 PM
I just upgrade to 1.5 Mozilla Fire Fox, in Tools/Optiond/Security there is an enable FIPS option. What is it and what does it do?

Phil

txtaz
12-20-2005, 03:01 PM
Phil, This is from the OSS institute

The US National Institute of Standards and Technology (NIST) publishes the FIPS (Federal Information Processing Standard) series of standards. FIPS 140-1 and FIPS 140-2 are both technical standards and worldwide de-facto standards for the implementation of cryptographic modules. FIPS 140-2 supersedes the prior FIPS 140-1. FIPS 140 is a hardware standard that preceded FIPS 140-1. FIPS 140-2 is a technical standard. The Cryptographic Module Validation Program (CMVP) is a process (Lab accreditation, Derived Test Requirements, Implementation Guidance, etc.) encompassing validation testing for cryptographic module (FIPS 140-2) and cryptographic algorithm (FIPS 46-3, FIPS 180-1, FIPS 186-2, FIPS 197, etc.) implementations. The CMVP is a joint program between the US and Canada used by NIST (USA) and CSE (Canada). US Federal users may still use, retain, and deploy modules validated to FIPS 140-1. The FIPS 140-1 and FIPS 140-2 standards can be found at http://csrc.nist.gov/cryptval/ . Products that have received a NIST/CSE validation are listed on the Cryptographic Module Validation List at http://csrc.nist.gov/cryptval/140-1/1401val.htm. FIPS 140-2 is primarily of interest to U.S., Canadian, and UK government agencies which have formal policies requiring use of FIPS 140 validated cryptographic software. The availability of open source FIPS 140-2 validated cryptography will lower the cost and increase the availability of cryptographic applications for those governments. Usually cryptographic algorithm implementations, not complete applications or products, are FIPS -140-2 validated. Separate algorithm-specific validations of FIPS Approved algorithms are a pre-requisite to the FIPS 140-2 validation of the module in which they reside.
Da Taz

MOP
12-20-2005, 07:26 PM
Wes now that you have totaly baffled me, does enabling it serve any purpose for the avaerage guys Like me?

Phil

TuxedoPk
12-20-2005, 08:36 PM
Enabling it promotes hair growth :)

Greg Maier
12-20-2005, 08:58 PM
Phil,
If you enable FIPS validation, you most likely will not be able to establish a secure session with every secure website that you try to go to. The websites that you go to (server) and your browser (client) negotiate in order to use the best encryption that both of them mutually support. If you enable FIPS validation and go to a secure website that is not able to use FIPS Validated encryption, then you will get an error and will be unable to connect to that site.

You can think of it like this:
Non-FIPS validated encryption = Good
FIPS Validated encryption = Better

Unless you feel that the Chinese government is trying to intercept your secure login to your favorite porn site, I wouldn't enable FIPS validation, no need to.

MOP
12-20-2005, 10:27 PM
Had -0- clue what id did, I noticed it after I upgraded from 1.1 to 1.5, it was something I had not noticed before and was curious. Thanks for the input another thing left well enough alone!!!

Phil

mattyboy
12-20-2005, 10:52 PM
Had -0- clue what id did,
Phil

loose fips sink ships :p