[Fwd] NIST-certified USB Flash drives with hardware encryption cracked
Peter Thoenen
eol1 at yahoo.com
Thu Jan 7 06:06:56 PST 2010
> #include <standard debate about the value, or lack thereof, of FIPS 140 certification>
Because, IIRC, the standard just certified the vendors implementation of
actual encryption algorithm, not the device as a whole or what happens
outside encryption.
I might be wrong as been two years since I looked at this but I think
that was the problem we ran into when trying to find a FIPS 140-2
compliant bluetooth device for one of the flags officers I was
supporting (per the DISA Wireless STIG requirement:
http://iase.disa.mil/stigs/stig/wireless_stig_v6r1_6aug2009.zip).
At the end of the day we couldn't find an acceptable one but being a
flag he just used a signed off on using non-approved one anyways because
flags are special like that.
-Peter
More information about the cypherpunks-legacy
mailing list