[Fed-Talk] FIPS 140-2 Encryption via PGP
- Subject: [Fed-Talk] FIPS 140-2 Encryption via PGP
- From: "William G. Cerniuk" <email@hidden>
- Date: Thu, 13 Dec 2007 19:58:58 -0500
ALCON,
I have hit a brick wall with FIPS certified encryption. I tried to apply PGP to the system and work around issues but regardless of the effort, it is a no-go. PGP is great but it cannot replace FileVault's design... unless I missed something. Crashing systems do tend to make a mess of my day ;-)
From my testing it seems that:
PGP Cannot:
- encrypt temporary files
- encrypt virtual memory
- encrypt sleep memory cache
- be reliably inserted as a home folder encryption replacement
PGP Can:
- be used as a virtual disk and manually used for data storage, like storing all of your data on an external drive
- swap encrypted data with other platforms (Windows, Mac, phones, etc.)
- be used to encrypt external storage (like flash drives, hard drives, etc.) in the same way the Kanguru AES system works
... so I see it as a valuable augmentation to the Macintosh encryption system model that can be used to the exclusion of system encrypted disk images (EDIs) for the primary reason of cross-platform capability with a FIPS certified solution... but not as a primary encryption system to meet OMB guidelines (page 7, section C, bullet 1).
I would greatly appreciate if someone would tell me I am wrong and educate me as to the error in my ways. (very happy to be wrong in this case).
Best Regards,
Wm. Cerniuk
Project Manager / Sr. Systems Architect
Veterans Affairs
703.594.7616 (toll free)
Time is Short, and the Water Rises