FIPS 140-2 Certification for Rebex Secure Email Cryptographic Modules
Does Rebex Secure Email's Cryptographic module support FIPS 140-2 certification ?
If yes, which version of "Rebex Secure Email" has this certification ?
I see the latest being "2012-06-10 Version 2012 R2"
Implemented in 2013R1
-
AdminTomáš Knopp (Admin, Rebex) commented
Since release 2013R1 Rebex Secure Mail officially supports FIPS 140-2 compliant mode in which only FIPS-approved modules are used by the Secure Mail component.
-
AdminLukas Pokorny (Admin, Rebex) commented
MD5SHA1 and HMACMD5 are completely different algorithms. HMACMD5 is a Hash-based Message Authentication Code algorithm based on MD5, while MD5SHA1 is simply a concatenation of a MD5 hash and SHA1 hash of the same data. These two algorithms are by no means interchangable - you can't replace the one with the other and expect the code to work.
Setting Rebex.Security.Cryptography.CryptoHelper.UseFipsAlgorithmsOnly to true should be the only change needed to disable non-FIPS compliant algorithms, but we have identified several omitions and these were fixed since Rebex Secure Mail 1.0.3773 (which is more than 2 years old). Upgrading to the latest relese is recommended in any case (we are going to release a new one in a few days).
SecurityParameters depends on MD5SHA1 because the TLS 1.0 protocol (=SSL 3.1) is supposed to use it. If you remove it, you will end up with an incompatible protocol and a library that is unable to conenct to any TLS/SSL server. However, since MD5SHA1 includes both MD5 and SHA1 hashes, it is actually considered FIPS compliant when used within the TLS 1.0 protocol because it can't compromise security (due to SHA1 being used at the same time). FIPS explicitly allows MD5 to be used within TLS 3.0 protocol in this manner - see FIPS 140-2 IG, D.8 (page 157, point (e)(1)) at http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
On the other hand, the use of MD5 within SSL 3.0 is not considered secure, making the SSL 3.0 protocol non-compliant. See footnote 2 on page 160 of the same document:
"The problem with SSL 3.0 is the key derivation process that applies to all SSL 3.0 cipher suites: half of the master key that is set up during the SSL key exchange depends entirely on the MD5 hash function. MD5 is not an approved algorithm, and its collision resistance property has been broken by Antoine Joux.
TLS also uses MD5 in the key derivation process, but in a different manner, so that all of the master key depends on both MD5 and SHA-1; nothing in TLS actually depends on MD5 for its security.
Therefore, TLS implementations can be validated under FIPS 140-2, while SSL 3.0 implementations cannot. TLS is version 3.1 of SSL, and most current servers and clients are capable of doing both SSL 3.0 and TLS."
-
Kirti Kunal Shah commented
Thanks for your response. I am using manual approach to enforce only FIPS-certified cryptographic modules to be used in Rebex Secure Email.
I am still confused if there is no change needed in Rebex Secure Email apart from just setting Rebex.Security.Cryptography.CryptoHelper.UseFipsAlgorithmsOnly to 'true'.Because I see that Rebex.Net.SecurityParameters is very hard wired to MD5SHA1(methods such as CalculateVerifyData) which is not FIPS compliant. Hence I believe Rebex also requires change.
I tried to replace MD5SHA1 with HMACMD5 and got into many compilation errors in Rebex.
I am using Rebex Secure Email Version 1.0.3773.0
Do I need to upgrade to newer version ? -
AdminLukas Pokorny (Admin, Rebex) commented
Rebex Secure Mail is not itself FIPS-certified, but there is an option that only allows FIPS-certified cryptographic modules to be used. This is enabled automatically when a corresponding option is enabled in Windows, and it can also be enabled manually by setting Rebex.Security.Cryptography.CryptoHelper.UseFipsAlgorithmsOnly to 'true'.