Full Disk Encryption solutions selected for US Government use

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Oct 8 09:11:54 EDT 2007


Ben Laurie <ben at links.org> writes:
>Peter Gutmann wrote:
>> "Steven M. Bellovin" <smb at cs.columbia.edu> writes:
>>> On Mon, 18 Jun 2007 22:57:36 -0700 "Ali, Saqib" <docbook.xml at gmail.com> wrote:
>>>> US Government has selected 9 security vendors that will produce drive
>>>> and file level encryption software.
>> Out of curiosity, are any open source FDE products being evaluated?
>>
>> Given that it's for USG use, I imagine the FIPS 140 entry barrier for the
>> government gravy train would be fairly effective in keeping any OSS products
>> out.
>
>? OpenSSL has FIPS 140.

But if you build an FDE product with it you've got to get the entire product
certified, not just the crypto component.

(Actually given the vagueness of what's being certified you might be able to
get away with getting just one corner certified, but then if you have to use a
SISWG mode you'd need to modify OpenSSL, which in turn means getting another
certification.  Or the changes you'd need to make to get it to work as a
kernel driver would require recertification, because you can't just link in
libssl for that.  Or...).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


