[Fwd] NIST-certified USB Flash drives with hardware encryption cracked

Peter Thoenen eol1 at yahoo.com
Thu Jan 7 06:06:56 PST 2010

> #include <standard debate about the value, or lack thereof, of FIPS 140 certification>

Because, IIRC, the standard just certified the vendor's implementation of
the actual encryption algorithm, not the device as a whole or what happens
outside encryption.

I might be wrong, as it's been two years since I looked at this, but I think
that was the problem we ran into when trying to find a FIPS 140-2
compliant Bluetooth device for one of the flag officers I was
supporting (per the DISA Wireless STIG requirement:

At the end of the day we couldn't find an acceptable one, but being a
flag he just signed off on using a non-approved one anyways because
flags are special like that.


