On Fri, Sep 05, 2003 at 04:15:22PM -0400, Anton Stiglic wrote: > You are correct, I just saw Crypto++ in the list of FIPS 140 validated > modules: > http://csrc.nist.gov/cryptval/140-1/140val-all.htm > It is the latest entry, added today. > Congratulations to Wei Dai!
Thanks! Also thanks to Groove Networks (the company I work for) for spending the money to do the validation. > OpenSSL`s *source code* being evaluated remains exiting. If OpenSSL source code gets validated, I'm going to be very surprised. NIST told us in no uncertain terms that only compiled executable code could be validated. In fact they wouldn't even validate Crypto++ as a static library despite an earlier verbal agreement that a static library was ok. It had to be turned into a DLL at the last moment (i.e. during the review phase). (We wanted to avoid making a DLL from Crypto++ since it has so many algorithms. With a static library the linker would only bring in the algorithms you use, but a DLL has to contain a pre-selected set of algorithms. I ended up putting only FIPS Approved algorithms in the DLL, and made a second static library that contains only non-Approved algorithms, so that both could be used together.) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]