NIST
-
NIST (National Institute of Standards and Technology) is the U.S. federal standards and technology institute under the Department of Commerce.
-
NIST develops and publishes technical standards and guidelines in areas including:
-
Cryptography
-
Cybersecurity
-
Metrology (science of measurement)
-
Information technology
-
-
NIST standards are widely used by government agencies and the private sector as a reference for security and interoperability.
-
Examples of NIST cryptographic standards :
-
AES (FIPS 197)
-
SHA-2 / SHA-3
-
PBKDF2 (RFC 8018)
-
FIPS 140-2/3
-
FIPS 140
-
Certification requirements like FIPS 140 are defined by NIST.
-
FIPS 140 (Federal Information Processing Standard Publication 140) is a U.S. government standard that defines security requirements for cryptographic modules (hardware and software).
-
FIPS 140-2/3 certification ensures that the cryptographic module has been tested by accredited labs and meets specific security criteria.
-
Security Levels :
-
FIPS 140 defines four security levels (1 to 4), with Level 1 being basic and Level 4 most stringent, covering physical and logical protection against attacks.
-
-
PBKDF2 :
-
PBKDF2 can be part of a cryptographic module seeking FIPS 140 certification.
-
This does not mean PBKDF2 itself is "certified," but a specific implementation within a module is evaluated and approved.
-
PBKDF2 complies with NIST standards, which are required for FIPS.
-
It is considered an approved key derivation method for data protection, provided parameters (iterations, key size) meet NIST guidelines.
-