David
Microsoft's DSSENH cryptographic module is currently listed as having
been certified for a FIPS 140-1 level 1 certification on August 5, 1999
when used with NT 4.0 and SP 4. Some quotes from the NIST web page are:
"Microsoft's DSSENH is general-purpose software-based cryptographic
module. It provides services that enable application developers to
utilize several different cryptographic algorithms and functions via the
Microsoft CryptoAPI without knowing the underlying implementation."
"DSS/Diffie-Hellman Enhanced Cryptographic Provider (For services
provided by the FIPS-approved algorithms listed on the reverse, and
Triple DES) (software version 5.0.1998.1)"
"FIPS-approved algorithms: DES (cert. #45); DSA/SHA-1 (cert. #17).
-Other algorithms: Triple DES (allowed for U.S. Government use); RC2,
RC4, MD5, and Diffie-Hellman. Multi-chip standalone module."
Ed Donahue (CISSP)
> -----Original Message-----
> From: David Kennedy CISSP [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, September 07, 1999 12:25 PM
> To: Cryptography
> Subject: Windows and FIPS 140-1
>
> -----BEGIN PGP SIGNED MESSAGE-----
>
> [DMK: Timing is everything?]
>
> Source: Government Computer News via another list:
> >
> >September 6, 1999
> >FIPS security nod is coming for Windows NT
> >MONTGOMERY, Ala.-Microsoft Corp. president Steve Ballmer said that
> Windows
> >NT 4.0 will receive security certification under Federal Information
> >Processing Standard 140-1 by the end of next month.
> >The approval by the National Institute of Standards and Technology
> will
> >cover NT's Internet Information Server, Outlook and Internet Explorer
> 5.0
> >components.
> >The forthcoming Service Pack 6 for NT 4.0 will contain the
> FIPS-evaluated
> >code, Ballmer said.
> >In a keynote speech at the Air Force Information Technology
> Conference,
> >Ballmer acknowledged that key Microsoft products were lagging in the
> FIPS
> >security certification process.
> >He said in an interview that Microsoft's federal group "needed a
> senior R&D
> >leader to eat, drink and breathe federal issues" such as FIPS
> certification,
> >and that he had directed the company to find such a person.
> >The outspoken Ballmer used the Air Force conference to take a shot at
> Java,
> >the development language touted by Microsoft rival Sun Microsystems
> Inc. He
> >predicted that the Extensible Markup Language, not Java, will be
> viewed as
> >"the biggest architectural revolution of the late 1990s."
> >Microsoft developers see XML as the "core to all future product
> functions,"
> >he said.
> >Tool talk
> >He said the company will deliver a tool called Biztalk designed to
> let
> >developers create an XML framework as a universal information
> exchange
> >medium for components.
> >
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Personal Privacy 6.0.2
> Comment: Digital signatures increase security for everyone.
>
> iQCVAwUBN9U8bvGfiIQsciJtAQHynwQA342tKq7YGAoGxY16tyv5NVXPlGm62Y1I
> Q2/OqM3pUL/TimcunQ0bqTdmK7u40+ESYhcl4hyPI3A7ZUDi9eAv6tX/KECcyby1
> Dv2u08U2ZTYRft3hd/NtGviRjpKjw9S5CBDi84KyPgO9WYlP7rN329LcfisFacyx
> URfzO5dpCXc=
> =fayl
> -----END PGP SIGNATURE-----
>
> --
> Regards,
>
> David Kennedy CISSP
> Director of Research Services, ICSA.net http://www.icsa.net
>
> Using encryption on the Internet is the equivalent of arranging
> an armored car to deliver credit-card information from someone
> living in a cardboard box to someone living on a park bench.
> Gene Spafford
>
>
