Re: [Fed-Talk] Drive Encryption - Cross Platform compatible
Re: [Fed-Talk] Drive Encryption - Cross Platform compatible
- Subject: Re: [Fed-Talk] Drive Encryption - Cross Platform compatible
- From: Amanda Walker <email@hidden>
- Date: Thu, 14 May 2009 22:10:41 -0400
On May 14, 2009, at 7:10 PM, Pike, Michael (IHS/NPA) wrote:
Well technically speaking, FIPS certified means they paid the
"political dues" to NIST in my opinion.
No, it doesn't. FIPS 140-2 is not just a matter of picking a strong
cipher or two. It has quite a lot to say about other topics, such as
key management and tamper resistance, especially at higher compliance
levels (level 4 appears to have been inspired by at least some of the
requirements for Type 1 certification).
Looking at the specs is sufficient for me. I know no average joe is
going to hack the image.
Sure. It's a fine product. But if you are in an environment that
requires FIPS 140-2 compliance, it's not an option.
Just because it isn't certified does not make it less secure,
although it does affect "official" usage.
I figure that official use is usually what we're talking about on this
list. For personal use, use whatever you want :-).
--Amanda
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden