> restrictions on current implementations. As a result a FIPS 140-
> certified key generator will be worse than a well-designed non-FIPS-140
> one because the FIPS requirements prevent you from doing several things
> that would improve the functioning like injecting extra entropy into the
> generator besides the DES3 key.

That's interesting. I would have expected to revise things like that for
FIPS140-*2*.

> In addition since no two eval labs can
> agree on exactly what is and isnt OK here its pretty much a crap-shoot
> as to what you can get through. Ive heard stories from different vendors
> of Lab B disallowing something that had already been certified by Lab A
> in a previous pass through the FIPS process.

I had a talk with a FIPS-140 lab. I have been told, that undocumented
wording has to be used that only the labs know. The FIPS-140 is to me a
obscure process. And btw. the lab told me, that "they" don't want to
have called it a "certification" (despite getting a certificate), but a
"validation".


Mahlzeit,
Matthias

-- 
Matthias Bruestle, Managing Director

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to