glen beasley wrote:
> Nelson B wrote:
>> David Stutzman wrote:
>>> What is the min/max password length when the module is operating in FIPS
>>> 140-2 mode?
>>>
>> Wan-Teh will have to answer that. I think it has changed recently.
>> It seems that the requirements have changed since the last time NSS was
>> FIPS 140 evaluated, or at least our new test lab interprets them very
>> differently.
>>
> see: http://wiki.mozilla.org/Security_Policy#Specification_of_Roles
>
> In FIPS mode, the NSS cryptographic module imposes the following
> requirements on the password.
>
> * The password must be at least seven characters long.
> * The password must consist of characters from three or more
> character classes. We define five character classes: digits (0-9), ASCII
> lowercase letters, ASCII uppercase letters, ASCII non-alphanumeric
> characters (such as space and punctuation marks), and non-ASCII
> characters. If an ASCII uppercase letter is the first character of the
> password, the uppercase letter is not counted toward its character
> class. Similarly, if a digit is the last character of the password, the
> digit is not counted toward its character class.

That's what we used to do. But IINM, Wan-Teh decided to abandon that because of a new interpretation of the rules from our test lab.

--
Nelson B
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
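
The password rule quoted in this thread from the NSS Security Policy wiki, written out as a check. This is an added example, not NSS code and not from anyone in the thread, and the reply above says the module may no longer enforce this rule. The name `fips_pw_ok` is hypothetical, the password is assumed to be valid UTF-8, and the sample passwords are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Character classes named in the quoted policy text. */
enum { CLS_DIGIT = 1, CLS_LOWER = 2, CLS_UPPER = 4, CLS_OTHER = 8, CLS_NONASCII = 16 };
#define MIN_CHARS   7   /* "at least seven characters long" */
#define MIN_CLASSES 3   /* "three or more character classes" */

/* Hypothetical helper (not an NSS function). Assumes pw is valid UTF-8.
 * Returns 1 if pw satisfies the quoted rule, 0 otherwise. */
int fips_pw_ok(const char *pw)
{
    const unsigned char *p = (const unsigned char *)pw;
    size_t len = strlen(pw), i, nchars = 0;
    unsigned classes = 0;
    int nclasses = 0;

    for (i = 0; i < len; i++) {
        unsigned char c = p[i];
        if ((c & 0xC0) == 0x80)
            continue;                 /* UTF-8 continuation byte: same character */
        nchars++;                     /* length is counted in characters, not bytes */
        if (c >= 0x80) {
            classes |= CLS_NONASCII;
        } else if (c >= '0' && c <= '9') {
            if (i != len - 1)         /* a digit in last position is not counted */
                classes |= CLS_DIGIT;
        } else if (c >= 'a' && c <= 'z') {
            classes |= CLS_LOWER;
        } else if (c >= 'A' && c <= 'Z') {
            if (i != 0)               /* an uppercase letter in first position is not counted */
                classes |= CLS_UPPER;
        } else {
            classes |= CLS_OTHER;     /* space, punctuation, other ASCII */
        }
    }
    for (; classes; classes >>= 1)    /* count the distinct classes seen */
        nclasses += classes & 1;
    return nchars >= MIN_CHARS && nclasses >= MIN_CLASSES;
}

int main(void)
{
    /* Constructed sample passwords, not taken from the thread. */
    const char *samples[] = { "Password1", "passWord1x", "p\xc3\xa4" "ssw0rd" };
    int i;
    for (i = 0; i < 3; i++)
        printf("%-12s %s\n", samples[i], fips_pw_ok(samples[i]) ? "ok" : "rejected");
    return 0;
}
```

The first sample is rejected because its only uppercase letter is first and its only digit is last, which leaves lowercase as the single counted class.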