Techly NewsGet the app

Get the latest tech news

The FIPS 140-3 Go Cryptographic Module


Go now has a built-in, native FIPS 140-3 compliant mode.

Unlike the FIPS 140-3 Go Cryptographic Module, Go+BoringCrypto was never officially supported and had significant developer experience issues, since it was produced exclusively for the internal needs of Google. These packages involve no cgo, meaning they cross-compile like any other Go program, they pay no FFI performance overhead, and they don’t suffer from memory management security issues, unlike Go+BoringCrypto and its forks. To square this circle, in FIPS 140-3 mode we maintain a compliant userspace NIST DRBG based on AES-256-CTR, and then inject into it 128 bits sourced from the kernel at every read operation.

Get the Android app

Or read this on Hacker News

Read more on:

Photo of fips

fips

Photo of cryptographic module

cryptographic module

Related news:

News photo

Microsoft Maintains Go Fork for FIPS 140-2 Support

« How Culture Is Made
Ex-US soldier who Googled 'can hacking be treason' pleads guilty to extortion »