How important is FIPS 140-2 Level 1 cert?
Saqib Ali
docbook.xml at gmail.com
Thu Dec 21 20:15:59 EST 2006
> Assuming that the two products use Internet protocols (as compared to
> proprietary protocols):
I don't understand this statement. What do you mean by internet
protocol vs proprietary protocol???
And also we are looking at FDE solutions, so there are no internet
protocols involved in that.
> no. Probably the only thing that could
> differentiate the two is if the cheaper one has a crappy random
> number generator, the more expensive one will have a good one.
well I think FIPS 140-2 Level 1 ensures more than just a good PRNG.
Even if a public crypto (e.g. AES) is used in a product, there are
many mistakes that can be made during the implementation. And FIPS
140-2 Level 1 is expected to catch these egregious mistakes.
saqib
http://www.full-disk-encryption.net
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list