OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-05 Thread Rich Salz
This is termendously exciting. For the first time ever, NIST will be certifying a FIPS 140 implementation based on the source code. As long as the "pedigree" of the source is tracked, and checked at run-time, then applications can claim FIPS certification. For details: http://groups.google.co

Re: Is cryptography where security took the wrong branch?

2003-09-05 Thread David Honig
At 10:18 AM 9/3/03 PDT, D. K. Smetters wrote: > >I find WEP very useful for one thing -- given the habit of >many wireless clients to opportunistically jump onto any >network they happen to find, turning on WEP keeps users >from accidentally "falling" onto networks by mistake. This is much like t

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-05 Thread Anton Stiglic
Really exiting news. If I'm not mistaken, this would be the first free, open-source, crypto library that has FIPS 140 module certification! Other free open-source libraries have algorithms that have been FIPS 140 certified, but the whole module hasn't been certified (exemple Cryptlib and Crypto++

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-05 Thread Joshua Hill
On Fri, Sep 05, 2003 at 01:32:21PM -0400, Anton Stiglic wrote: > If I'm not mistaken, this would be the first free, > open-source, crypto library that has FIPS 140 module certification! I believe that this is incorrect. The two open-source projects that I'm aware of that have FIPS 140 certs a

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-05 Thread Rich Salz
Anton Stiglic: If I'm not mistaken, this would be the first free, open-source, crypto library that has FIPS 140 module certification! It is the first *source code* certification. Joshua Hill: The two open-source projects that I'm aware of that have FIPS 140 certs are The Crypto++ Library, (cert

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-05 Thread Anton Stiglic
> On Fri, Sep 05, 2003 at 01:32:21PM -0400, Anton Stiglic wrote: > > If I'm not mistaken, this would be the first free, > > open-source, crypto library that has FIPS 140 module certification! > > I believe that this is incorrect. > > The two open-source projects that I'm aware of that have FI

Re: OpenSSL *source* to get FIPS 140-2 Level 1 certification

2003-09-05 Thread Joshua Hill
On Fri, Sep 05, 2003 at 04:05:07PM -0400, Rich Salz wrote: > It is the first *source code* certification. The ability to do this runs counter to my understanding of FIPS 140-2. First, there are a series of requirements that deal with executable binary authentication that I'm not sure could be met