Glenn Brunette wrote:
>
> Given the strong push by U.S. and other governments, financial
> services organizations, etc. (inside and outside of the U.S.) to
> use FIPS approved algorithms, has there been any consideration
> to make FIPS-140 mode enabled by default?
This is an interesting suggestion. I agree with Tony that
there are performance issues with making it the default.
I believe we can make some requirements of the FIPS 140-2 spec
the default. We already made one requirement the
default. See
6703956 Solaris cryptographic framework needs a FIPS-186-2
certifiable RNG
which modified the Solaris RNG to use an algorithm that
can be FIPS certified. I will note that these kind of changes are at the
design level and do not impact this case.
Regards,
-Krishna
