Re: [Fed-Talk] Drive Encryption - Cross Platform compatible
Re: [Fed-Talk] Drive Encryption - Cross Platform compatible
- Subject: Re: [Fed-Talk] Drive Encryption - Cross Platform compatible
- From: Basil Decina <email@hidden>
- Date: Fri, 15 May 2009 08:35:29 -0400
For 3), I would guess that one cannot imply that such venders use the
algorithms in the recommended mode -- is that correct ? (I think
that's part of the validation process.)
Basil
On May 15, 2009, at 8:26 AM, Amanda Walker wrote:
On Fri, May 15, 2009 at 8:18 AM, Basil Decina
<email@hidden> wrote:
Some symantics here... We hear two types of "Meeting FIPS" from
vendors...
1) "FIPS Compliant": The vender claims to do everything FPS 140-2
requires
--- but no one expect the vendor has tested it.
2) "FIPS Certified" (or "Validated" or "Accredited"): The vender
claims to
do everything FIPS 140-2 requires --- and paid many $10K's to NIST
and JITC
(Ft. Huachuca) to validate it against their test suites.
There's a 3rd that's increasingly prevalent:
3) "Uses FIPS approved encryption algorithms", which just means it
uses DES or AES. This appears to be the case TrueCrypt falls under.
--Amanda
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden