[Cryptography] Something weird about FIPS 140-2
Watson Ladd
watsonbladd at gmail.com
Fri Nov 29 23:31:17 EST 2013
It being the day after Thanksgiving I decided to read crypto
standards. And in the process of reading FIPS 140-2 I came across
section 4.6.1, mandating a single operator and no preemption of
processes doing cryptography. How exactly could OpenSSL on a COTS
operating system ever meet the requirements of FIPS 140-2 given that
section?
Could someone deign to explain to me what exactly FIPS validation
means for software?
It appears that is nothing beyond an excuse to implement DUAL_EC_DRBG.
Sincerely,
Watson
More information about the cryptography
mailing list