Call for testing: OpenSSH-5.7
Steve Marquess
marquess at opensslfoundation.com
Fri Jan 21 04:09:21 EST 2011
Jan Pechanec wrote:
> ...
>>
>> 1) We should really avoid CTR mode entirely, it's not FIPS approved and the
>> validated CBC can be used instead.
>>
>
> hi Steve, are you talking about FIPS certified OpenSSL or about
> the mode as such? I know that OpenSSL does not support AES CTR in EVP
> (not until 1.0.1, I saw a commit there) but FIPS-140-2 Annex A
> references 800-38A which lists CTR mode as one of the allowed modes. So,
> I assumed AES CTR was allowed in FIPS-140-2 and that it just can't be
> used in FIPS-140-2 mode in OpenSSH since OpenSSH partially implements
> the mode by itself.
>
Well, use of CTR is arguably legal but IMHO questionable. AES-CTR is
not included in the #1051 validation (see
http://csrc.nist.gov/groups/STM/cavp/documents/aes/aesval.html#695), and
there is no compelling reason to use it (with or without FIPS 140-2).
-Steve M.
--
Steve Marquess
The OpenSSL Software Foundation, Inc.
1829 Mount Ephraim Road
Adamstown, MD 21710
USA
+1 877-673-6775
marquess at opensslfoundation.com
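Jan's point that OpenSSH "partially implements the mode by itself" refers to driving the block cipher one block at a time and doing the counter handling in OpenSSH's own code. The added example below (not from the thread, not OpenSSH's or OpenSSL's code) rebuilds CTR from single-block ECB calls in that style and checks it against a native CTR implementation and the NIST SP 800-38A F.5.1 vector; it assumes the Python `cryptography` package is installed.

```python
# Added example: CTR mode assembled from single-block (ECB) AES calls, the way
# an application can do it on top of a library that only exposes the block
# cipher. The counter increment lives here, outside the cipher primitive, which
# is why an ECB/CBC-only validation says nothing about this construction.
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes


def ctr_from_ecb(key: bytes, counter: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt `data` in CTR mode using only ECB block calls.

    The 128-bit counter is treated as a big-endian integer and incremented
    by one per block (wrapping at 2**128), matching SP 800-38A Appendix B.
    """
    ecb = Cipher(algorithms.AES(key), modes.ECB()).encryptor()
    ctr = int.from_bytes(counter, "big")
    out = bytearray()
    for off in range(0, len(data), 16):
        keystream = ecb.update(ctr.to_bytes(16, "big"))  # one block call
        ctr = (ctr + 1) % (1 << 128)                      # our own counter logic
        block = data[off:off + 16]
        out += bytes(p ^ k for p, k in zip(block, keystream))  # partial last block OK
    return bytes(out)


def ctr_native(key: bytes, counter: bytes, data: bytes) -> bytes:
    """Reference: the library's own CTR mode, for comparison."""
    enc = Cipher(algorithms.AES(key), modes.CTR(counter)).encryptor()
    return enc.update(data) + enc.finalize()


# Known-answer values from NIST SP 800-38A, Appendix F.5.1 (CTR-AES128.Encrypt),
# first two blocks.
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")
CTR0 = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff")
PT = bytes.fromhex("6bc1bee22e409f96e93d7e117393172a"
                   "ae2d8a571e03ac9c9eb76fac45af8e51")
CT = bytes.fromhex("874d6191b620e3261bef6864990db6ce"
                   "9806f66b7970fdff8617187bb9fffdff")


def check_known_answer() -> bool:
    """True if the hand-built CTR and the native CTR both match the vector."""
    return (ctr_from_ecb(KEY, CTR0, PT) == CT
            and ctr_native(KEY, CTR0, PT) == CT
            and ctr_from_ecb(KEY, CTR0, CT) == PT)


if __name__ == "__main__":
    print("SP 800-38A F.5.1 CTR-AES128 check:", "ok" if check_known_answer() else "FAIL")
```

Both paths produce identical output, which is exactly the problem from a validation standpoint: the keystream generation and counter handling in `ctr_from_ecb` are application code, so correctness of that part rests on the application, not on the module's certificate.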