Board index » delphi » Another reason not to use black box crypto

Another reason not to use black box crypto

 

Re:Another reason not to use black box crypto

Re:Another reason not to use black box crypto

I remember seeing on the Fips140 list that MSFT has something that is 140-1
certified - probably a portion of NT. Apparently RC2 was not part of the
certification.
 

Re:Another reason not to use black box crypto

James K Smith writes:
Quote
I remember seeing on the Fips140 list that MSFT has something that is 140-1
certified - probably a portion of NT. Apparently RC2 was not part of the
certification.
No, it isn't a FIPS certified algorithm. You can get FIPS certification
for a module that contains non-FIPS approved algorithms as long as you
document which algorithms it contains that aren't FIPS approved. (See
Appendix A of FIPS 140-2, the 5th dot.)
 

Re:Another reason not to use black box crypto

Dennis Landi writes:
Quote
""Henrick Hellström [StreamSec]"" <XXXX@XXXXX.COM>writes
news:46b19da6$XXXX@XXXXX.COM...

>(See Appendix A of FIPS 140-2, the 5th dot.)

The 5th dot? Wow, you encryption guys are precise.
I would have given the paragraph and section numbers, but the list in
that appendix was dotted and not numbered.
 

Re:Another reason not to use black box crypto

Henrick Hellström [StreamSec] writes:
crypto' mean crypto-components w/o source?
Edmund
 

Re:Another reason not to use black box crypto

Quote
Pardon my ignorance in this matter, does 'black box
crypto' mean crypto-components w/o source?
Yes