Re: How important is FIPS 140-2 Level 1 cert?

2006-12-22 Thread Paul Hoffman
At 11:25 AM -0500 12/21/06, Saqib Ali wrote: I would like to know how much weight people usually give to the FIPS 140-2 Level 1 certification. US federal agencies are supposed to require that certification for any system they buy that uses crypto. Sometimes, US state agencies require it as

Re: How important is FIPS 140-2 Level 1 cert?

2006-12-22 Thread Saqib Ali
Assuming that the two products use Internet protocols (as compared to proprietary protocols): I don't understand this statement. What do you mean by internet protocol vs proprietary protocol??? And also we are looking at FDE solutions, so there are no internet protocols involved in that. no.

Re: How important is FIPS 140-2 Level 1 cert?

2006-12-22 Thread Paul Hoffman
At 8:15 PM -0500 12/21/06, Saqib Ali wrote: Assuming that the two products use Internet protocols (as compared to proprietary protocols): I don't understand this statement. What do you mean by internet protocol vs proprietary protocol??? Now seeing what your company does, I can see where you

Re: gang uses crypto to hide identity theft databases

2006-12-22 Thread Peter Gutmann
Jim Gellman [EMAIL PROTECTED] writes: Well this just sucks if you ask me. According to the Crown Prosecution Service (CPS), which confirmed that Kostap had activated the encryption after being arrested, it would have taken 400 computers twelve years to crack the code. Scales linearly, right?

Re: How important is FIPS 140-2 Level 1 cert?

2006-12-22 Thread Perry E. Metzger
[I was asked to forward this anonymously. --Perry] From: [Name Withheld] To: cryptography@metzdowd.com Subject: Re: How important is FIPS 140-2 Level 1 cert? Paul Hoffman [EMAIL PROTECTED] wrote: At 11:25 AM -0500 12/21/06, Saqib Ali wrote: If two products have exactly same feature set, but

Re: gang uses crypto to hide identity theft databases

2006-12-22 Thread Alex Alten
I'm curious as to why the cops didn't just pull the plugs right away. It would probably take a while (minutes, hours?) to encrypt any significant amount of data. Not to mention, where is the master key? The guy couldn't have jumped up and typed in a pass phrase to generate it in handcuffs?