
Is there any security standard published by NIST or another reputable body in information security that explicitly forbids or discourages rolling your own crypto? If yes, would you please post the standard name/title, a link to it, and quote the section that says something to this effect?

Such a document will help me to define information security policies for our organization.

Lone Learner
  • That would be insane to have that as a standard. That would prevent any new crypto from being developed. The problem is when new people develop untested crypto and don't follow procedures. Standards will include how to select an appropriate crypto approach. – schroeder Jul 11 '20 at 16:19
  • And yeah, there is a NIST standard about how to choose crypto: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-175A.pdf and https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-175Br1.pdf – schroeder Jul 11 '20 at 16:29
  • @schroeder Uhm, standards are voluntary frameworks that may be applicable. It would in no way hinder development of new crypto? – vidarlo Jul 11 '20 at 17:32
  • @schroeder I meant that regular companies that are not specialized in crypto should not roll their own crypto. Any cryptographic algorithm should be peer reviewed and approved by a standards body. Something to that effect. I am sure you understand what I mean. If someone can edit my question to elaborate this clearly, please do so. – Lone Learner Jul 11 '20 at 18:59
  • @vidarlo if voluntary, then the discouragement is meaningless. What you are looking for is guidance on how to **select** an algorithm. Once you make that your focus, then it gets simple to search for, as I point out above. – schroeder Jul 11 '20 at 19:50
  • If you are looking for a cudgel to tell your dev teams to "knock it off with the 'not-invented-here' mentality", I'm not sure there will be a standard to find. – schroeder Jul 11 '20 at 19:51
  • @schroeder standards are voluntary. You follow them if you want. Sure, some contracts may require you to follow standards - in which case such a prohibition would be meaningful. It would not impede research in any way. – vidarlo Jul 11 '20 at 19:52
  • @vidarlo I think you missed my point. Since frameworks are voluntary, then putting a "discouragement" in is meaningless. You need to have positive statements ("do this") in a standard, not a "please don't do this" statement. If, on the other hand, you do take the standards seriously (and NIST is not voluntary for the US Government), then the discouragement would impact new development. – schroeder Jul 11 '20 at 19:58

1 Answer

Perhaps you are looking for FIPS 140-2.

The Federal Information Processing Standard Publication 140-2, (FIPS PUB 140-2), is a U.S. government computer security standard used to approve cryptographic modules. The title is Security Requirements for Cryptographic Modules. Initial publication was on May 25, 2001 and was last updated December 3, 2002.

FIPS 140-2 establishes the Cryptographic Module Validation Program (CMVP) as a joint effort by the NIST and the Communications Security Establishment (CSE) for the Government of Canada.

The key here is that it defines validation of acceptable crypto. It does not explicitly forbid roll-your-own or custom encryption. You are welcome to make your own and submit it for testing. If it achieves FIPS validation then you can use it with justification. Note that FIPS validation is a years-long, multi-million-dollar process, but you certainly can pursue it if you like.

To backtrack a bit: the phrase "Roll Your Own" may mean the algorithm (see FIPS 140-2), or it may mean the implementation of an approved algorithm. Problematic implementation of an approved crypto algorithm is surprisingly easy to do. One trivial example is using the wrong pseudo-random number resource and severely crippling an otherwise strong crypto. Always try to use vetted libraries instead of coding your own. Even then it's not guaranteed.

user10216038
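The "wrong pseudo-random number resource" failure mode from the answer above, as an added example that is not part of the original post: an AES-256 key drawn from Python's statistical `random` module (Mersenne Twister, seeded from the clock, a constructed but common mistake) beside one drawn from the OS CSPRNG via `secrets`, with a check showing the weak key is fully determined by its seed. Function names and the timestamp are assumptions for this illustration.

```python
import random
import secrets
import time

KEY_LEN = 32  # AES-256 key size in bytes


def weak_key(seed=None):
    """The wrong way: random.Random is a Mersenne Twister, a statistical
    PRNG, not a CSPRNG. Seeding it from the clock (constructed example of a
    bad seed source) means anyone who knows or can narrow down the seed
    derives the identical key, whatever cipher it is then fed to."""
    if seed is None:
        seed = int(time.time())
    rng = random.Random(seed)
    return rng.getrandbits(KEY_LEN * 8).to_bytes(KEY_LEN, "big")


def strong_key():
    """The right way: the OS CSPRNG through the secrets module, which is
    where any key or other secret must come from."""
    return secrets.token_bytes(KEY_LEN)


def keys_collide(keygen, trials=5):
    """True if repeated calls to keygen() ever return the same key.
    A key generator for which this is True is broken regardless of
    the strength of the algorithm consuming the key."""
    seen = set()
    for _ in range(trials):
        k = keygen()
        if k in seen:
            return True
        seen.add(k)
    return False


def seed_reproduces_key(seed):
    """A weakly generated key is a pure function of its seed: a second
    party holding the same seed value regenerates it exactly."""
    return weak_key(seed) == weak_key(seed)


if __name__ == "__main__":
    ts = 1594484359  # constructed timestamp standing in for a deploy time
    print("weak key reproducible from seed:", seed_reproduces_key(ts))
    print("weak keys from one seed collide:", keys_collide(lambda: weak_key(ts)))
    print("CSPRNG keys collide:", keys_collide(strong_key))
```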