> restrictions on current implementations. As a result a FIPS 140- > certified key generator will be worse than a well-designed non-FIPS-140 > one because the FIPS requirements prevent you from doing several things > that would improve the functioning like injecting extra entropy into the > generator besides the DES3 key.
That's interesting. I would have expected to revise things like that for FIPS140-*2*. > In addition since no two eval labs can > agree on exactly what is and isnt OK here its pretty much a crap-shoot > as to what you can get through. Ive heard stories from different vendors > of Lab B disallowing something that had already been certified by Lab A > in a previous pass through the FIPS process. I had a talk with a FIPS-140 lab. I have been told, that undocumented wording has to be used that only the labs know. The FIPS-140 is to me a obscure process. And btw. the lab told me, that "they" don't want to have called it a "certification" (despite getting a certificate), but a "validation". Mahlzeit, Matthias -- Matthias Bruestle, Managing Director --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
