Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Cryptographic Algorithm Validation Program

Retired CAVP Validation Testing

Retired Algorithms And Algorithm Components

Current retired testing includes the following algorithms and references:

Data Encryption Standard (DES)

FIPS 46-3, Data Encryption Standard (DES), was withdrawn May 19, 2005 because the cryptographic algorithm no longer provided the security that is needed to protect Federal government information. DES is no longer an Approved algorithm.

 

Data (Message) Authentication Code (MAC) and Key Management Using ANSI X9.17

The automated conformance tests for FIPS 113 and 171 are no longer operational. Currently, if a FIPS 140-1 or FIPS 140-2 cryptographic module implements either of these two standards, the CST testing laboratories perform some testing that these FIPS requirements are implemented correctly in the cryptographic module.

 

Message Authentication Code (MAC), FIPS 113

The MAC Validation System (MVS) tested for compliance with FIPS 113, Computer Data Authentication is no longer operational. A list of validated products is maintained by the Security Technology Group.

 

Key Management Using ANSI X9.17, FIPS 171

The Key Management Validation System (KMVS) tested for compliance with FIPS 171, Key Management Using ANSI X9.17 is no longer operational. A list of validated products is maintained by the Security Technology Group.

 

Retired Algorithm Components as detailed in SP800-131A Transitions effective January 1, 2014

Please refer to CAVP Frequently Asked Questions (CAVP FAQ) GEN.23 and GEN.24 for information on the algorithm components that are no longer compliant because they are no longer secure enough. GEN.23 addresses the changes made to the Cryptographic Algorithm Validation lists as a result of the SP800-131A Transition which became effective January 1, 2014. GEN.24 identifies the elements of each algorithm that are now non-compliant.

Also see SP800-131A Revision 1, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, published November 2015.

 

Random Number Generators (RNG)

The Random Number Generators specified in FIPS 186-2 with Change Notice 1 dated October 5, 2001 (Appendix 3.1 and 3.2), ANSI X9.31 (Appendix A.2.4) and ANSI X9.62 (Appendix A.4)are no longer compliant as of January 1, 2016.

See SP800-131A Revision 1, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, published November 2015 for more information.

 

Retired Algorithm Components as detailed in SP800-131A Transitions effective January 1, 2016

Please refer to CAVP Frequently Asked Questions (CAVP FAQ) GEN.27 which identifies the algorithm components that are non-compliant beginning January 1, 2016.

Also see SP800-131A Revision 1, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths, published November 2015.

Back to Top

Validation Lists For Retired Algorithms And Retired Algorithm Components

The validation lists for the retired algorithms are accessible below for historical purposes. Retired components of approved algorithms are identified in the respective validation lists by strikethrough text. The complete algorithms or components of these algorithms are either no longer recognized as Approved security functions or testing is no longer available from the Cryptographic Algorithm Validation Program (CAVP).

Please see SP800-131A Revision 1, Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths for more information.

 

Retired Algorithm Validation Lists
Approved Algorithms with Retired Components

Created October 05, 2016, Updated October 03, 2018