#fips — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #fips, aggregated by home.social.
-
iRODS Development Update: May 2026
https://irods.org/2026/05/irods-development-update-may-2026/
-
i don't want to be a curmudgeon, some of that attitude is warranted but you still have to produce and try some things. I am working on basic 5 page site template but also bigger efforts, addressing smb mkt not just local break/fix mkt. maybe the bootable nvme idea (hardened deb) with persistence and enc - a must for the road warrior but good for anyone who values security and privacy #fido #fips #extras #working drivers #vetted #pentoo #ventoy
-
I'm trying to understand why I would choose a regular AWS endpoint over FIPS. I know why and when I have to use FIPS. Given that I have a subset of customers that require it, why not just use it for all customers? One would hope if the ciphers in FIPS are good enough for the government, they're good enough for regular use.
-
Stuck in the bus, in front of an emergency operation with blue flashing lights and a turntable ladder at the station in Schlierbach.
And I only had to quickly pick up a parcel at the post office.
I went there with #Fips (the stop was a bit meh). Once again, for a driver, "the first one in Heidelberg", but he had already had someone with a wheelchair in Mannheim once. "If you ride with us more often, the others can learn" -
I wrote in the feedback form that always comes at the end of the rides that he may need a refresher regarding the securing.
But it's also okay if I'm simply the only one in a wheelchair who is now, after years, riding it here. #Fips
The driver was again super friendly too and didn't seem annoyed at all by the extra effort. The regular bus drivers are often more annoyed with less effort.
-
I'm at REWE with a great many purchased bottles (5 or so), a piece of strawberry cream-cheese cake and other shopping.
🤩
Waiting for the #Fips back because the shopping didn't take more than an hour after all. Even though this is only my 2nd time in this REWE because of accessibility.
The driver this time has definitely already forgotten his training on the securing again.
-
Yesterday I quite optimistically booked the displayed #fips for quarter past 12 today to go shopping at REWE (the bus stop is on a federal road without a sidewalk, and there is an underpass with many steps to reach the sidewalk on the other side. And a beaten path through a meadow).
It was cancelled today due to "no vehicle available". Hope it isn't broken yet again 🙄.
-
#FIPS: Free Internetworking Peering System https://github.com/jmcorgan/fips/blob/master/docs/design/fips-intro.md
-
Okay, that was great 🤩. I'm back home with the parcel.
I was the very first wheelchair user in the #fips in #Heidelberg in 2 years.
Which is why the (very nice) driver checked every fastening 3 times. There is also only one converted bus, a second one is apparently planned, and apparently something on it kept breaking for quite a while.
The return trip was no stress either because he simply waited there while I was at the parcel locker.
Someone else was supposed to get on but nobody was standing there. #rnv
-
Hey Mastodon, can you please help me crowd-source a GRC question I have? (pls boost if you don't have the answer)
FIPS 140-3 allows the use of RADIUS over TLS (RadSec) (p. 130), essentially giving a pass to MD5 cryptographic module being used because it is wrapped in TLS.
RFC 9887 (TACACS+ over TLS) was published in December of last year - I am trying to understand if it gets the same exemption as RadSec, since it is wrapping the MD5 within TLS.
#GRC #FIPS #CyberSecurity #halp #helpmeplease #IHateGRC #IHateFIPS
-
Changes to the fips service as of 15 February
Mannheim / Metropolre…
#Mannheim #Deutschland #Deutsch #DE #Schlagzeilen #Headlines #Nachrichten #News #Europe #Europa #EU #2020 #Angebot #App #Baden-Württemberg #Bahn #Buslinien #fips #Germany #Informationen #Kommunen #Maimarkt #Metropolregion #MetropolregionRhein-Neckar #Mobilität #Neckar #Nutzung #online #Personen #Rhein #Rhein-Neckar #Rhein-Neckar-Verkehr #Rhein-Neckar-VerkehrGmbH #RNV #Seckenheim #Süd #Telefon
https://www.europesays.com/de/787473/
-
It is a matter of time before Quantum Computing gains the ability to crack today’s core public key encryption methods.
Our latest post on TechAptitude outlines the efforts by NIST to generate new cryptography standards to help withstand future quantum powered cyber attacks. Check it out!
https://techaptitude.substack.com/p/quantum-technologies-nist-drives #Cryptography #Quantum #QuantumTechnology #QuantumComputing #NIST #FIPS #CodeBreaker #Encryption #QDay #PQC #PostQuantumCryptography #Passwords #Ciphers #Algorithm #TechAptitude
-
📢📢📢 FIPS mode in Application Gateway 👇 #Azure #FIPS #Compliance https://learn.microsoft.com/en-us/azure/application-gateway/fips
-
iRODS Development Update: October 2025
https://irods.org/2025/10/irods-development-update-october-2025/
-
The Q-Day Countdown: What It Is and Why You Should Care – Source: securityboulevard.com https://ciso2ciso.com/the-q-day-countdown-what-it-is-and-why-you-should-care-source-securityboulevard-com/ #SecurityBoulevard(Original) #rssfeedpostgeneratorecho #PostQuantumCryptography #CyberSecurityNews #digitalsignatures #SecurityBoulevard #SocialFacebook #SocialLinkedIn #Cybersecurity #Encryption #quantum #SocialX #FIPS #QDay #PQC
-
Red Hat OpenShift AI: Designed for FIPS, delivering trust and innovation
https://www.redhat.com/en/blog/red-hat-openshift-ai-designed-fips-delivering-trust-and-innovation
#RedHat #OpenShift #OpenShiftAI #AI #Kubernetes #InfoSec #FIPS
-
Stuff we're working on: https://blogs.oracle.com/linux/post/fips-1403-for-the-linux-kernel #linuxkernel #fips
-
@filippo thanks! I got stuck on this sentence:
… although it doesn’t necessarily improve security, FIPS 140 compliance is a requirement …
Are there any in-depth resources out there on why this is the case? (Not increasing security)
-
Software Microsegmentation Promises Security—But Is It Falling Short?
https://youtu.be/dYJUWje-Y1g #cybersecurity #microsegmentation #zerotrust #riskmanagment #FIPS-140-2 #hardware #software #BYOS #manufacturing #legacynetworks #energy #healthcare #ICS #OT
-
An Extremely Detailed Map of the 2024 [US] Election
--
https://www.nytimes.com/interactive/2025/us/elections/2024-election-map-precinct-results.html <-- shared link to web map
--
https://www.nytimes.com/2025/01/15/us/elections/2024-election-map-data.html <-- shared underlying data
--
https://github.com/nytimes/presidential-precinct-map-2024 <-- shared data download GitHub link
--
#GIS #spatial #mapping #USA #voting #voting2024 #election #spatialanalysis #opendata #2024election #election2024 #data #president #presidential #PresidentialElection #PresidentialElectionof2024 #county #FIPS
@NYTimes
-
FIPS mode for Red Hat Go Toolset
https://developers.redhat.com/articles/2025/01/23/fips-mode-red-hat-go-toolset
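#go #programming #Security #openssl #fips
-
YubiKey is still clearing out stock of the affected version
Seen in "YubiKey still selling old stock with vulnerable firmware": someone mentioned that YubiKey is still selling the affected version; the blo mentioned in it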
#Computer #Hardware #Murmuring #Security #Software #attack #channel #compliance #eucleak #fips #firmware #hardware #security #side #sidechannel #sidechannel #vulnerability #vulnerable #yubico #yubikey
-
Musing about Password-Based Cryptography for the Government
What would a modern NIST standard for password-based cryptography look like?
Obviously, we have PBKDF2–which, if used with a FIPS-approved hash function, gives you a way to derive encryption keys and/or password validators from human-memorable secrets.
However, PBKDF2 isn’t memory-hard.
In 2012, several cryptographers initiated the Password Hashing Competition (PHC) to study the state-of-the-art for password-based cryptography at the time. Part of this motivation was that memory-hard hashing (first developed by Colin Percival in scrypt a few years prior) provided greater defense against the increasing parallelism of modern password cracking techniques.
After a few years of cryptanalysis, the PHC selected an algorithm called Argon2, and gave special recognition to four other finalists.
And, quote the NIST SP 800-63B:
A memory-hard function SHOULD be used because it increases the cost of an attack.
If you were expecting, “Nevermore,” you’re currently reading the wrong literary genre.
“So, we’re done, right? Just use Argon2 and call it a day.”
We did it! Yayyyyyyyy~
…
Of course, it’s not that simple.
(Artist source unknown, meme generated from imgflip)
What is Argon2?
Argon2 is defined in IETF RFC 9106. There are several variants of Argon2 that have subtly different security properties (Argon2d, Argon2i, Argon2id, Argon2ds — the latter one providing a property called cache-hardness, which Steve Thomas’s slide deck from BSidesLV 2022 explores in depth).
Argon2id is the variant most of us settled on in 2024.
Regardless of the variant used, the same underpinnings are used. From RFC 9106, section 3.2:
Argon2 uses an internal compression function G with two 1024-byte inputs, a 1024-byte output, and an internal hash function H^x(), with x being its output length in bytes. Here, H^x() applied to string A is the BLAKE2b ([BLAKE2], Section 3.3) function, which takes (d,ll,kk=0,nn=x) as parameters, where d is A padded to a multiple of 128 bytes and ll is the length of d in bytes. The compression function G is based on its internal permutation. A variable-length hash function H’ built upon H is also used. G is described in Section 3.5, and H’ is described in Section 3.3.
Bold text for emphasis.
If you weren’t adept at playing Crypto Algorithm Bingo, it might be easy to miss the fact that BLAKE2b is NOT a cryptographic algorithm approved for use in FIPS validated modules.
So, full stop, unless NIST and the US Department of Commerce turn over a new leaf and add BLAKE2 to the approved algorithms list for FIPS, this is a non-starter.
Well, why not use yescrypt? Or scrypt for that matter?
Yescrypt (and scrypt before it) are based on Salsa20/8. In fact, most of the time computing a KDF output with either algorithm is spent on Salsa20-encryption regions of memory.
After all the computing resources are spent on Salsa20/8 and memory management, PBKDF2-SHA256 is used to compress the output to a fixed length. This is arguably complying with NIST’s requirements to use PBKDF2–albeit with an iteration count of 1 (so it’s just artificially sweetened HMAC, if we’re being honest with ourselves).
How are systems complying today?
I’ve heard a few conflicting stories over the years from folks that care a lot about FIPS (presumably because the US government is a significant chunk of their annual recurring revenue). It’s possible I’m misremembering what they said, so please take these secondhand anecdotes with an appropriate amount of salt.
One person claimed that Scrypt is fine since “the last step is PBKDF2”, and if an auditor blinks, you allegedly just need to document all the Salsa20 stuff as “obfuscation” and PBKDF2 is what you’re really doing to comply.
Another approach I heard was to run a memory-hard KDF in parallel with PBKDF2, then use HKDF to combine the two outputs.
Between the two, I’m more likely to believe that an auditor would approve the latter HKDF-based design, but I’ve never worked at a NIST CMVP lab, so who knows?
Unfortunately, NIST SP 800-63B has little to say about the specifics:
Examples of suitable key derivation functions include Password-based Key Derivation Function 2 (PBKDF2) [SP 800-132] and Balloon [BALLOON]. A memory-hard function SHOULD be used because it increases the cost of an attack.
I already said that PBKDF2 isn’t memory hard, so that’s useless here.
The other example they gave, Balloon Hashing, is frankly a weird recommendation to make, given the lack of a stable reference implementation and how poorly specified it is.
This is starting to look like a catch-22. Maybe we would be better off not supporting passwords anymore.
But what if you can’t make that decision?
What would a modern NIST standard for password-based cryptography even look like?
Towards Gargon: Government-flavored Argon2
Is that last question even answerable?
I argue, “Probably yes.” From the introduction to RFC 9106:
Argon2 is also a mode of operation over a fixed-input-length compression function G and a variable-input-length hash function H. Even though Argon2 can be potentially used with an arbitrary function H, as long as it provides outputs up to 64 bytes, the BLAKE2b function [BLAKE2] is used in this document.
Clearly, the Argon2 RFC authors intended to allow the hash function be swapped out for another one.
So can we just str_replace() BLAKE2b with SHA512 (or SHA3-512) and call our job done?
No, that would be too easy.
The internal compression function, G
Argon2’s design involves computing the internal compression function, G, over regions of memory. The linked section of that version of RFC 9106 provides a good overview of the construction.
- G is defined in terms of the permutation, P.
- P is based on the round function of BLAKE2b.
- The BLAKE2b round function is based on ChaCha, which is similar to Salsa20 (and designed by the same author), which we already established isn’t approved for FIPS.
So if we’re going to invent a Government-tolerable variant of Argon2, we’ll need to be a bit more creative about our choice for G as well.
More precisely, even if we keep the overall structure of G intact, we’ll need to define a FIPS-able permutation, P.
The permutation, P, for building the internal compression function, G
A reasonable person would assume we would need to pick a component from the hash function we’re building atop which has an increased circuit depth. After all, that’s what the Argon2 designers did:
The modular additions in GB are combined with 64-bit multiplications. Multiplications are the only difference from the original BLAKE2b design. This choice is done to increase the circuit depth and thus the running time of ASIC implementations, while having roughly the same running time on CPUs thanks to parallelism and pipelining.
And this is where reasonableness hits a wall. There are several directions that one could go to invent Government-tolerable Argon2.
- The SHA-2 family compression function (i.e., , , , and ).
- The basic block permutation function from SHA3 (i.e., , , , , and ).
- Look elsewhere in the FIPS algorithm suite, such as AES (e.g., in Counter Mode, to exploit the hardware acceleration of AES in modern CPUs).
Each of these ideas is terrible in their own way.
The cryptanalysis results showing that the best attack against a full hash function costs 2 to some power queries don’t imply the security of each constituent component. So you’re really rolling the dice if you pursue this.
AES might be okay, depending on how it’s constructed and used. But the devil’s always in the details.
It’s starting to seem like Gargon’s possibility is fleeting, after all.
Wouldn’t life be simpler if NIST just approved BLAKE2b and/or Argon2 for use in FIPS validated modules?
Yes, life would be much simpler. NIST should do that.
Unfortunately, until that day comes, there are yet more windmills that need tilting.
https://scottarc.blog/2024/06/17/the-quest-for-the-gargon/
#Argon2 #crypto #Cryptography #CryptographyStandards #cybersecurity #encryption #FIPS #NIST #passwordBasedCryptography #passwords #PBKDF2 #security
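The HKDF-based approach mentioned in the post above (a memory-hard KDF run alongside PBKDF2, with HKDF combining the two outputs), as an added example that is not from the original post or its author. Using scrypt as the memory-hard KDF, the function names, the `info` label and the parameter defaults are all assumptions made for illustration.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 bytes for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    return hmac.new(salt or b"\x00" * HASH_LEN, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC-Hash(PRK, T(i-1) | info | i)."""
    if not 0 < length <= 255 * HASH_LEN:
        raise ValueError("requested output length out of range for HKDF")
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_key(password: bytes, salt: bytes, *, length: int = 32,
               pbkdf2_iters: int = 600_000,
               scrypt_n: int = 2**14, scrypt_r: int = 8, scrypt_p: int = 1,
               info: bytes = b"example/pbkdf2+scrypt/v1") -> bytes:
    """Combine PBKDF2-HMAC-SHA256 and scrypt outputs through HKDF-SHA256.

    Assumption: scrypt stands in for "a memory-hard KDF"; Argon2id would
    slot into the same place. Both branches see the same password and salt.
    """
    if len(salt) < 16:
        raise ValueError("use a random salt of at least 16 bytes")
    # Branch 1: the construction built only from PBKDF2 and SHA-256.
    approved = hashlib.pbkdf2_hmac("sha256", password, salt,
                                   pbkdf2_iters, dklen=HASH_LEN)
    # Branch 2: the memory-hard work that PBKDF2 alone does not provide.
    memory_hard = hashlib.scrypt(password, salt=salt, n=scrypt_n,
                                 r=scrypt_r, p=scrypt_p, dklen=HASH_LEN)
    # Both inputs are fixed-length, so plain concatenation is unambiguous.
    prk = hkdf_extract(salt, approved + memory_hard)
    # `info` binds the output to this construction and version.
    return hkdf_expand(prk, info, length)


if __name__ == "__main__":
    # Constructed sample inputs; a real salt comes from os.urandom(16).
    demo_salt = bytes(range(16))
    key = derive_key(b"correct horse battery staple", demo_salt)
    print(key.hex())
```

An attacker has to pay for both branches on every guess, so the cost per guess is at least that of the memory-hard branch, while the final key always passes through PBKDF2 and HKDF over SHA-256.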
-
@Viss adafruit has sec fobs for 1/3 price - i am just being poor sport since youbi first open sourced and then closed source much of code behind sec key - could be a good product to sell #productline #fido3 #fips compliant #line card