Displaying 8 results from an estimated 8 matches for "cmvp".

2007 Mar 01
2
OpenSSH use of OpenSSL in FIPS Mode
Now that OpenSSL has received FIPS 140-2 certification, does anyone know if the work started a couple of years ago to allow OpenSSH to use OpenSSL in FIPS mode will be reactivated? Bill
2023 Mar 10
2
OpenSSH FIPS support
...you mean #1, you don't have to patch anything: it is trivial to configure the various sshd options to permit only FIPS-approved cryptographic algorithms. If you mean #2, then patches aren't going to help you: being FIPS-validated means that you have submitted your cryptographic module to the NIST CMVP (Cryptographic Module Validation Program), paid the requisite fee, passed, and received a certificate number that others can verify: https://csrc.nist.gov/Projects/cryptographic-module-validation-program/validated-modules/Search If your SSH server must be FIPS-validated, then use the CMVP search...
2015 Dec 04
6
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
...sh-keygen either. My questions are: 1. Does OpenSSH support FIPS mode? 2. Or does OpenSSH support with OpenSSL FIPS modules? 3. Is there a way to re-compile OpenSSH by turning on/off some flags to make it FIPS compliant? 4. Does the RedHat OpenSSH FIPS modules ( http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) also open sourced to the OpenSSH community? Thanks.
2015 Dec 04
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
...edhat.com> wrote: > > On 12/04/2015 03:26 AM, security veteran wrote: > >> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to >> make it FIPS compliant? >> >> 4. Does the RedHat OpenSSH FIPS modules ( >> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) >> also open sourced to the OpenSSH community? >> > Yes, what we ship in RHEL is open-source. You can pick up sources that are > actually used in RHEL version in CentOS repository: > https://git.centos.org/summary/?r=rpms/openssh > > S...
2016 Jan 04
2
Alternate Open Source Crypto Solution in OpenSSH
...it really matter anyway? 1. wolfSSL offers a pluggable Federal Information Processing Standard (FIPS 140-2) certified crypto library. a. Read more about FIPS in wolfSSL <https://wolfssl.com/wolfSSL/fips.html>. b. See our FIPS certification. <http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm#2425> 2. OpenSSL has suffered over the past few years with too many contributions from a variety of sources. The lack of testing and verification of each submission to OpenSSL has resulted in numerous security vulnerabilities. 3. We are very selective a...
2015 Dec 07
2
OpenSSH FIPS 140-2 support using OpenSSL FIPS modules?
...de? >> >> 2. Or does OpenSSH support with OpenSSL FIPS modules? >> >> 3. Is there a way to re-compile OpenSSH by turning on/off some flags to >> make it FIPS compliant? >> >> 4. Does the RedHat OpenSSH FIPS modules ( >> http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1791.pdf) >> also open sourced to the OpenSSH community? >> >> Redhat use different FIPS validation process for OpenSSL. You could > extract fips patch from source package. > Impact is not only for source code. Build process has to be updated as ...
2010 Nov 25
3
Announce: new team member (to work on Mozilla NSS port)
Dear fellows, As you have probably seen, NUT has had a recent boost through the help of Eaton. Frederic Bohe (contractor for Eaton France) has worked on Augeas, and is now working the Windows port. Chetan Agarwal, seconded by Prashi Gandi (both from Eaton India) are working on XCP and quality / validation related projects. I'm now pleased to announce that Emilien Kia (contractor for Eaton
2012 Sep 18
8
Collecting entropy from device_attach() times.
Hi. I experimented a bit with collecting entropy from the time it takes for device_attach() to run (in CPU cycles). It seems that those times have enough variation that we can use it for entropy harvesting. It happens even before root is mounted, so pretty early. On the machine I'm testing it, which has minimal kernel plus NIC driver I see 75 device_attach() calls. I'm being very careful