RE: Cryptoprocessors compliant with FIPS 140-2
There are only about 310 fips-140-1/2 total validation certificates since 1995. http://csrc.nist.gov/cryptval/ Since the FIPS-140-2 was not signed in until mid-2001 there where very few in 2002 - see the 2 links below. http://csrc.nist.gov/cryptval/140-1/1401val2002.htm http://csrc.nist.gov/cryptval/140-1/1401val2003.htm _ Dave Kleiman [EMAIL PROTECTED] www.netmedic.net -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Damien O'Rourke Sent: Friday, March 21, 2003 11:14 To: [EMAIL PROTECTED] Subject: Cryptoprocessors compliant with FIPS 140-2 Hi, I was wondering if anyone could list a number of cryptographic processors that are compliant with the Federal information processing standard (FIPS) 140-2 "Security Requirements for cryptographic modules". I know that the IBM-4758 was compliant with FIPS 140-1 up to level 4 but I don't think it has been tested under the newer version of the standard (correct me if I'm wrong). Specifically I am wondering about section 4.11 on page 39 entitled "Mitigation of Other Attacks" which discusses, power analysis, timing attacks, TEMPEST and fault induction. If you could tell me what level they have been certified to and where I might find some more information on them that would be great. In fact, any relevant information would be greatly appreciated. Thanks for your time. Best Regards, Damien. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Cryptoprocessors compliant with FIPS 140-2
Damien O'Rourke wrote: I was wondering if anyone could list a number of cryptographic processors that are compliant with the Federal information processing standard (FIPS) 140-2 "Security Requirements for cryptographic modules". NIST, the US Government Agency responsible for FIPS 140, maintains lists of certified products: http://csrc.nist.gov/cryptval/vallists.htm - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Re: Cryptoprocessors compliant with FIPS 140-2
The list of all FIPS 140-1 and 140-2 validated modules can be found here http://csrc.nist.gov/cryptval/140-1/1401val.htm (this includes software and hardware modules). For "Mitigation of Other Attacks", the FIPS 140 evaluation doesn't look at these. Some vendors might consider these attacks and implement some kind of protection, but these will not be evaluated. Documentation for a specific module might discuss countermeasures to these attacks if they have been implemented. --Anton - Original Message - From: "Damien O'Rourke" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, March 21, 2003 11:14 AM Subject: Cryptoprocessors compliant with FIPS 140-2 > Hi, > > I was wondering if anyone could list a number of cryptographic processors > that are compliant with the Federal information processing standard (FIPS) > 140-2 "Security Requirements for cryptographic modules". I know that the > IBM-4758 was compliant with FIPS 140-1 up to level 4 but I don't think > it has been tested under the newer version of the standard (correct me if > I'm > wrong). Specifically I am wondering about section 4.11 on page 39 entitled > "Mitigation of Other Attacks" which discusses, power analysis, timing > attacks, > TEMPEST and fault induction. > > If you could tell me what level they have been certified to and where I > might > find some more information on them that would be great. In fact, any > relevant > information would be greatly appreciated. Thanks for your time. > > Best Regards, > Damien. > > > - > The Cryptography Mailing List > Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED] > - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
Cryptoprocessors compliant with FIPS 140-2
Hi, I was wondering if anyone could list a number of cryptographic processors that are compliant with the Federal information processing standard (FIPS) 140-2 "Security Requirements for cryptographic modules". I know that the IBM-4758 was compliant with FIPS 140-1 up to level 4 but I don't think it has been tested under the newer version of the standard (correct me if I'm wrong). Specifically I am wondering about section 4.11 on page 39 entitled "Mitigation of Other Attacks" which discusses, power analysis, timing attacks, TEMPEST and fault induction. If you could tell me what level they have been certified to and where I might find some more information on them that would be great. In fact, any relevant information would be greatly appreciated. Thanks for your time. Best Regards, Damien. - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]