is that your pwnage takes place over a
FIPS 140-2 certified secure channel.
Too many people use that as an excuse to not do security elsewhere.
Many of these people are trying to get Microsoft-based security
solutions accredited, and use it as a check box on some spreadsheet to
convince management
Does OpenBSD's OpenSSL use the FIPS 140-2 certified bits where
applicable?
On Wed, 12 Mar 2008, Ed Ahlsen-Girard wrote:
Does OpenBSD's OpenSSL use the FIPS 140-2 certified bits where
applicable?
No. Furthermore, there are no FIPS 140-2 certified bits - it is an
entire package that is certified, you don't get to pick and choose.
-d
On Thu, Mar 13, 2008 at 12:29:47PM +1100, Damien Miller wrote:
On Wed, 12 Mar 2008, Ed Ahlsen-Girard wrote:
Does OpenBSD's OpenSSL use the FIPS 140-2 certified bits where
applicable?
No. Furthermore, there are no FIPS 140-2 certified bits - it is an
entire package that is certified, you
Ryan,
You're right about the entire package needing to be FIPS 140-2
certified. Also, the other key component here is what
algorithms/components the system is FIPS 140-2 certified for, such as
3DES, TLS, SSL, RNG, or AES.
However, if you're attempting to do CA on a system, keep in mind
What good is an OpenBSD system running with a FIPS 140-2 certified
cryptographic component handling SSL and SSH (using AES-256) if the
interfacing systems aren't also well-protected, and your applications
running on the system don't have safeguards against malicious usage?
You're right
6 matches
Mail list logo