atsec

The information security provider.
homesitemapblog
  • Services
  • Company
  • News & Events
  • Resources
  • Contact
Deutsch | 汉语

Product Evaluation
and Testing
Common Criteria (ISO/IEC 15408)
FIPS 140-2
Cryptographic Algorithm Testing
SCAP
NPIVP Testing
Biometrics Testing
GSA PIV Evaluation (FIPS 201)

Compliance and Audit
ISO/IEC 27001
SOX and Euro-SOX
FISMA Certification Support
HIPAA and HITECH
NASPO

Consulting and Training
VTDR for GSA FIPS 201
Embedded Systems
Hardware Security Testing and Analysis
Penetration Testing
PCI Consulting
US Export Control for Cryptography
Training

 back to the resources

CAVP: Frequently asked questions

  • How do I go about getting an algorithm validated?
  • Where can I find out more about the program?
  • What algorithms and modes are tested?
  • Where can I find out more technical details and support for the algorithms?

How do I go about getting an algorithm validated?
There are 9 steps for cryptographic algorithm validation:

  1. Sign an NDA / contract with atsec
  2. Obtain additional information required (Information for NIST certificate form, affidavit for testing)
  3. Provide customer with test vectors for algorithms
  4. Receive test results from customer
  5. Verify test results
  6. Iterate with customer until pass status is achieved
  7. Obtain from customer assurance that tests were performed using the defined implementation (we have a form letter)
  8. Submit results for validations to the CAVP (NIST)
  9. Assuming all is well, results are posted to the official web site. (generally takes about 6 weeks)

[up] 

Where can I find out more about the program?
Further help for the program can be obtained from NIST at:
http://csrc.nist.gov/groups/STM/cavp/index.html
and in the CAVP FAQ at:
http://csrc.nist.gov/groups/STM/cavp/faqs.html

Also, the FIPS 140-2 implementation guidance can be of help in algorithm validation questions. See:
http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf

[up] 

What algorithms and modes are tested?
The definitive list of the algorithms tested are those algorithms that are FIPS approved and NIST recommended at: http://csrc.nist.gov/groups/STM/cavp/index.html.
In addition, atsec can offer implementation testing for other algorithms. This is completely outside the NIST Cryptographic Algorithm Program. Our results are not validated by NIST, nor are they certified. We offer this testing for the following algorithms:

  • RC4
  • CRC
  • DES
  • MAC
  • Blowfish
  • and others: please enquire.

[up] 

Where can I find out more technical details and support for the algorithms?
Please take a look the NIST toolkit at: http://csrc.nist.gov/groups/ST/toolkit/index.html and our algorithm checklist.

 

(c) 2012 atsec information security | Legal Notice | Data Protection Notice | Environmental Policy | Security Policy |  atsec IT security blog atsec on facebook atsec on twitter atsec on LinkedIn atsec on digg.com