Collaborate Disseminate
To clarify: The FIPS module Security Policy lists using RSA keys for wrap/unwrap. FIPS is a moving target, and the state of the requirements when the CMVP approved module went through the process was such, that a given key’s "usage&… Continue reading Is it (under FIPS) possible to generate a CSR for an asymmetric key with usage=WRAP?
NIST, the National Institute of Standards and Technology, does publish FIPS, the Federal Information Processing Standards Publications.
Does Germany or the European Union have their own standards?
Or do comparable standards at all exist in… Continue reading Do comparable standards like FIPS exist for Germany or the European Union? [duplicate]
Trying to test the conformance of the certificates inside our application, with the below requirement:
The application shall [selection: invoke platform-provided
functionality, implement functionality ] to generate asymmetric
cryptographi… Continue reading Validate the conformance of an OpenSSL created certificate with FIPs standards
We build OpenSSL in FIPS mode, to be used as a DLL. According to the OpenSSL FIPS module (https://www.openssl.org/docs/fips/UserGuide-1.2.pdf), we supply a parameter to the compiler –with-baseaddr=0xFB00000. This parameter allows an integ… Continue reading OpenSSL 1.0.2, for 32 bit FIPS, is doing a base-address verification. Where and how is that implemented?
The standard OpenSSL build with the FIPS option will use a base address for libeay64.dll of 0xFB00000.
Since the FIPS module is not re-locatable, it cannot take part in Address Space Layout Randomization (ASLR),
which is an important part … Continue reading Should using a FIPS capable OpenSSL implementation be avoided?
Does either FIPS 140-2 or FIPS 140-3 certification require USB flash drive’s firmware to be signed so that malicious computer cannot overwrite flash drive’s firmware? e.g. badusb attack.
If I buy any FIPS 140 certified USB flash drive can … Continue reading If I buy any FIPS 140 certified USB flash drive can I be sure that it’s firmware is signed?
With bc-fips-1.0.1 there are below security vulnerabilities
CVE-2018-1000180
CVE-2020-26939
What are the impacts of those two CVE? Are this risks are very critical?
Both are fixed in bc-fips-1.0.2 but this version is degrading performanc… Continue reading bc-fips-1.0.1 security vulnerability, CVE-2018-1000180 and CVE-2020-26939 [closed]
My Challenge
My project has a requirement that we use only FIPS-validated modules to do anything cryptographic, including generating checksums for binaries. We’ve been using the SHA-2 utilities provided by GNU coreutils for a long time to … Continue reading Are GNU coreutils SHA digest functions FIPS-validated (in NIST’s Cryptographic Module Validation Program)?
Do FIPS 140-2 or related documens specify how to protect users’ passwords with encryption? Are there any well known schemas for storing passwords in lossless manner and lossy manner?
Continue reading FIPS compliant passwords protection/encryption?
The expensive one: https://www.dustinhome.se/product/5010873750/ironkey-basic-s1000
The cheap one: https://www.dustinhome.se/product/5010887912/datatraveler-100-g3
Over 14,000 SEK difference in price. Same company (Kingston). Same USB stan… Continue reading What is the benefit of having FIPS hardware-level encryption on a drive when you can use Veracrypt instead?