Hi all, For a security policy, based on SP800-132 (page 8) one must state how DH derived keys are used. Currently the secret derived between our FIPS module (level 3) and the Computer is used as is and I state in table 5 of the security profile option 1a of SP800-132. Looking at the latest FIPS1402IG I see on page 159 for scenario 3 (which is applicable to our module), that one must derive the key from the secret via a KDF. Right? On the computer, we only have very limited cryptographic options and we wrote the DH derivation. On the module we can use the OpenSSL PBKDF2 and I was wondering/hoping that running the derived secret thru a PBKDF would be the same as a normal KDF except that the "password" would be the secret key. Any comment on this thinking?
Thanks LJB
