On Fri, 2010-01-22 at 10:24 -0500, Przemek Klosowski wrote:
> I don't believe so---it's not my line of business but I understand that
>
> - in some circumstances (government, regulated companies) encryption
> must be certified to the FIPS 140-2 standard
>
> - on Linux encryption (https, ssh) is handled by OpenSSL, which went
> through the FIPS certification process
>
> - one of the conditions of FIPS certification is a capability for
> run-time consistency checks, hence the fipscheck package
>
> - the fipscheck package checks against the checksums stored in the
> .XXX.hmac files, therefore those files are required if a system needs
> to be FIPS-compliant.

Yes, all the above is correct, although it does not mean that the
packages in Fedora are certified; they just have/use the changes which
are necessary for certification.

> Having said that, I don't understand how this scheme prevents
> someone from subverting the executable and creating a matching .hmac
> file, so that the fipscheck fails to see the problem. I expect it's
> handled properly but I don't know how.

No, it does not prevent a malicious attacker from subverting the
executable. The integrity check prevents only inadvertent modification
of the executables/libraries which contain the certified code.
--
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
Turkish proverb
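
The check discussed in this thread, as an added example that is not part of the original messages and is not fipscheck's own code: a fixed-key HMAC sidecar check that catches inadvertent modification but passes again once the sidecar is regenerated. The key, the HMAC-SHA256 hex sidecar format and the file names are assumptions made for illustration.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path

# Constructed placeholder key. In this kind of scheme the key ships with the
# checker and is not a secret, so the HMAC acts as a checksum, not a signature.
FIXED_KEY = b"constructed-example-key"


def hmac_path(target: Path) -> Path:
    """Hidden sidecar next to the target, e.g. .libexample.so.hmac (assumed layout)."""
    return target.with_name("." + target.name + ".hmac")


def compute_hmac(target: Path) -> str:
    """HMAC-SHA256 over the file contents, hex encoded."""
    return hmac.new(FIXED_KEY, target.read_bytes(), hashlib.sha256).hexdigest()


def write_hmac(target: Path) -> None:
    """Packaging step: record the checksum of the file as shipped."""
    hmac_path(target).write_text(compute_hmac(target) + "\n")


def verify(target: Path) -> bool:
    """Run-time consistency check: False on a missing or mismatching sidecar."""
    try:
        stored = hmac_path(target).read_text().strip()
    except OSError:
        return False
    return hmac.compare_digest(stored, compute_hmac(target))


def demo():
    """Returns (intact, after_modification, after_sidecar_regenerated)."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp) / "libexample.so"      # constructed sample file
        lib.write_bytes(b"certified code bytes")
        write_hmac(lib)
        intact = verify(lib)
        with lib.open("ab") as fh:             # inadvertent modification
            fh.write(b"\x00")
        modified = verify(lib)
        write_hmac(lib)   # anyone able to write the file can also redo the sidecar
        return intact, modified, verify(lib)


if __name__ == "__main__":
    print(demo())
```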