[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 22/09/13 19:07, Martijn Grooten wrote: > On Sun, 22 Sep 2013, Philip Hudson wrote: >> http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgval.html > > 342: OpenSSL FIPS Object Module. > > Oops. > > Martijn. > > Which luckily nobody outside the US uses, and nobody inside the US who hasn't been leant on in someway does either. - From http://opensslfoundation.com/fips/: "The OpenSSL FIPS Object Module ("FIPS module") is a special software product designed to meet the requirements for FIPS 140-2 validation by the CMVP. There requirements are unusual from a software engineering perspective, and have very substantially affected the form and function of the FIPS module. The FIPS module was designed for use with the OpenSSL toolkit and library in environments where use of FIPS 140-2 validated cryptography is mandated. Note the FIPS module is not really not appropriate for where such use is not mandated as it does not have any technical virtues (security, performance, maintainability) with respect to the equivalent stock OpenSSL distributions." Pay special attention to the last sentence: they are basically saying the FIPS 140-2 module is crap, they know it is crap, and everyone should *nudge nudge wink wink* stay away from it unless they absolutely have to use it for a mandated reason (i.e., engaging in commercial relations with the US government). But yes, that list is a pretty eye-watering chunk of failure. Regards mr meowski | bad apple | key:DA2B8CF3 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBAgAGBQJSPysWAAoJEFGW4ufaK4zzndMP/jEeo4E/LDehfbud2hnq174a 39/x0919ye1YusEyUR8+2BBfeSZgQQfhRR+uEun+EWjRbiWeO53c02i2NjC2Cq8z QIumV5c5KXcHFlGMd4GPqknV7sg3PtSBI/e/NtitD1I0xwYEMqcco9S8t/M5nG45 nqj7m4A+wAjD+Lb2PBSG8/fvFV1xilg00ST/MlpM/VQlHo+cbMukX6CmgHHuzmxB hnUcvFU0OCH1x6KgLExW8QG/s24d0dI9r2P0BC8amuteb+2xXlETpbqM489iXCpO Lp2R5WZUV3p5ScpkKEKRaAeaQKIQkQMjAtzKDXhFGu51liPirqoEfznaPJ6o9mxR 5u5UlcvcYvB1NAtwG2wWMCanqMvK94YoKOJJAi7AN+quswR7Xhk+XqEGKEt1pnwY c7U6NY7VTTe1GL3DZTpZw2x3pIfA6g1kQ8u58yeMMtKcBJduvu5amUX0yUUAvZXI xRKJlujvx7asPB9U4N7P3cwm+vdsxgdXcgS7fY0cKkQ/UaSbdYye7ycORSR83u7Q q2jG9gf1Fl281qbpvfjKNtiAN7Ia0NChXNJEXmW8FaRuVN8xCPb3PmyV973EQAWu y9tceggIU4WRMNrmsnNVirfSgpZf+8kzofqn1b3HEnnyIFFB38cfFCz08GFvjAg3 GrWBnFEh3fZ6iQjL3KBj =wxZg -----END PGP SIGNATURE-----
Attachment:
0xDA2B8CF3.asc
Description: application/pgp-keys
-- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq