> What good is an OpenBSD system running with a FIPS 140-2 certified > cryptographic component handling SSL and SSH (using AES-256) if the > interfacing systems aren't also well-protected, and your applications > running on the system don't have safeguards against malicious usage?
You're right -- better go back to Windows running FIPS 140-2 certified components.... I'm very very cynical about FIPS.