[Cryptography] FIPS 140 testing hurting secure random bit generation

[Salz, Rich]

> I recommend just ignoring FIPS 140, it is such a waste of time and money.

This is often not an option if you want to sell your product to (parts of) the US Government.

On a related manner, I was recently told that IBM is "beginning to stop" getting its products Common Criteria certified.

	/r$

--  
Principal Security Engineer
Akamai Technology
Cambridge, MA