Update README.md regarding ACCP-FIPS and randomness #400

Open
wants to merge 1 commit into
base: main

fabrice102
Contributor

Issue #, if available: N/A

Description of changes:

Clarify that since 2.4.0 there is no difference between ACCP and ACCP-FIPS regarding registration of SecureRandom.

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

Clarify that since 2.4.0 there is no difference between ACCP and
ACCP-FIPS regarding registration of SecureRandom.
@fabrice102 fabrice102 requested a review from a team as a code owner August 28, 2024 20:40
* Due to the fact that an older branch of AWS-LC is used in FIPS-mode, there will be performance differences between ACCP and ACCP-FIPS. We highly recommend performing detailed performance testing of your application if you choose to experiment with ACCP-FIPS.
* Before version 2.4.0, ACCP-FIPS did not register SecureRandom by default due to the performance of AWS-LC’s entropy source in FIPS-mode, with older versions of AWS-LC. Since version 2.4.0, ACCP-FIPS behaves as ACCP: it registers SecureRandom from AWS-LC by default.
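Review bot: The added SecureRandom bullet states a change of default across 2.4.0 but gives nothing to someone upgrading ACCP-FIPS who relied on SecureRandom not being registered. Consider adding a sentence saying whether registration can still be disabled, or pointing to where that is documented. In the same bullet, "with older versions of AWS-LC" does not say which versions are meant; naming the AWS-LC-FIPS versions would make the stated reason checkable.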

We should link to https://github.com/aws/aws-lc/blob/main/crypto/fipsmodule/FIPS.md, which provides details about the entropy sources used in the versions of AWS-LC. I would highlight that ACCP uses AWS-LC-FIPS v2.0.

Contributor Author

A few paragraphs above, it says "ACCP-FIPS is a variation of ACCP which uses AWS-LC-FIPS 2.x as its cryptographic module."

Should we add the following sentence:

For details about the FIPS module of AWS-LC-FIPS, including the entropy sources used, see the AWS-LC FIPS.md documentation.
