Revision as of 11:17, 28 June 2025 edit ClueBot NG (talk \| contribs) Bots, Pending changes reviewers, Rollbackers 6,478,472 edits m Reverting possible vandalism by 45.142.190.90 to version by TommyGundam. Report False Positive? Thanks, ClueBot NG. (4401504) (Bot) Tag: Rollback ← Previous edit		Revision as of 09:32, 6 July 2025 edit undo TommyGundam (talk \| contribs) Extended confirmed users 1,887 edits m →NIST/CSEC validation: take advantage of the {{currency}} template Next edit →
Line 185: The Cryptographic Algorithm Validation Program (CAVP)<ref>{{cite web \|url=http://csrc.nist.gov/groups/STM/cavp/index.html \|title=NIST.gov – Computer Security Division – Computer Security Resource Center \|publisher=Csrc.nist.gov \|access-date=2012-12-23 \|url-status=live \|archive-url=https://web.archive.org/web/20130102044410/http://csrc.nist.gov/groups/STM/cavp/index.html \|archive-date=2013-01-02}}</ref> allows for independent validation of the correct implementation of the AES algorithm. Successful validation results in being listed on the NIST validations page.<ref>{{cite web \|url=http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm \|title=Validated FIPS 140-1 and FIPS 140-2 Cryptographic Modules \|url-status=dead \|archive-url=https://web.archive.org/web/20141226152243/http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm \|archive-date=2014-12-26 \|access-date=2014-06-26}}</ref> This testing is a pre-requisite for the FIPS 140-2 module validation. However, successful CAVP validation in no way implies that the cryptographic module implementing the algorithm is secure. A cryptographic module lacking FIPS 140-2 validation or specific approval by the NSA is not deemed secure by the US Government and cannot be used to protect government data.<ref name="cnss.gov"/> FIPS 140-2 validation is challenging to achieve both technically and fiscally.<ref name="openssl">{{cite web \|author=OpenSSL, openssl@openssl.org \|url=http://openssl.org/docs/fips/fipsnotes.html \|title=OpenSSL's Notes about FIPS certification \|publisher=Openssl.org \|access-date=2012-12-23 \|url-status=dead \|archive-url=https://web.archive.org/web/20130102203126/http://www.openssl.org/docs/fips/fipsnotes.html \|archive-date=2013-01-02}}</ref> There is a standardized battery of tests as well as an element of source code review that must be passed over a period of a few weeks. The cost to perform these tests through an approved laboratory can be significant (e.g., well over ~~$30,000 US~~{{currency\|30000\|USD}})<ref name="openssl" /> and does not include the time it takes to write, test, document and prepare a module for validation. After validation, modules must be re-submitted and re-evaluated if they are changed in any way. This can vary from simple paperwork updates if the security functionality did not change to a more substantial set of re-testing if the security functionality was impacted by the change. == Test vectors ==

Advanced Encryption Standard: Difference between revisions