Reply to post: Re: FIPS 140-2 (Was Cheap)

For $800 you can buy internet engineers' answer to US government spying

Lotaresco Silver badge

Re: FIPS 140-2 (Was Cheap)

"Considering that FIPS 140-2, IIRC, includes as part of the standard such ignominious technologies as DUAL_EC_DRBG, that certification just doesn't have the same ol' shine it used to, for some people."

Apart from using an HSM as good practice in securing crypto, HSMs are used as a component in PKI because software-only security is frowned upon in regulated (financial, government) environments. Insurers won't insure and regulators won't approve systems unless they have FIPS 140-2. They also don't listen to the argument that an algorithm is flawed as long as it is approved.

However: "Dual EC_DRBG has been removed, as it is no longer approved"

DRBG Validation List

Biting the hand that feeds IT © 1998–2021