On Fri, Mar 24, 2000 at 10:30:36PM -0800, David Ahrens wrote: [... BSAFE? ...]
> Bodo Moeller:
>> David Ahrens:
>>> Does anyone know if the pseudo random number generator in openssl is
>>> FIPS-140 compliant?
>> It doesn't do power-up self tests, so it can't be. If you happen to
>> be a federal agency, I recommend you stay away from it. [...]
I don't what components of BSAFE Crypto-C are FIPS 140-1 certified.
They certainly have a certified triple-DES implementation (if you look
at the Security->Navigator in Netscape you'll see that you DES-based
ciphers appear in two variants, one of which mentions FIPS 140-1 and
one of which does not), but they don't reveal much more.
The certificate is at <URL: http://rsasecurity.com/products/images/fips140-1_cert.gif>:
It is valid "[f]or services provided by the FIPS-approved algorithms listed
on the reverse, and Triple DES". Of course they did not bother to scan
the reverse :-) I'd be surprised if these certified algorithms include more
than DES, SHA[-1], and DSS.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
