[148323] in cryptography@c2.net mail archive

home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[Cryptography] Something weird about FIPS 140-2

daemon@ATHENA.MIT.EDU (Watson Ladd)
Fri Nov 29 23:40:05 2013

X-Original-To: cryptography@metzdowd.com
Date: Fri, 29 Nov 2013 20:31:17 -0800
From: Watson Ladd <watsonbladd@gmail.com>
To: Cryptography <cryptography@metzdowd.com>
Errors-To: cryptography-bounces+crypto.discuss=bloom-picayune.mit.edu@metzdowd.com

It being the day after Thanksgiving I decided to read crypto
standards. And in the process of reading FIPS 140-2 I came across
section 4.6.1, mandating a single operator and no preemption of
processes doing cryptography. How exactly could OpenSSL on a COTS
operating system ever meet the requirements of FIPS 140-2 given that
section?

Could someone deign to explain to me what exactly FIPS validation
means for software?
It appears that is nothing beyond an excuse to implement DUAL_EC_DRBG.
Sincerely,
Watson
_______________________________________________
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

home	help	back	first	fref	pref	prev	next	nref	lref	last	post