Talk:FIPS 140-2
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||
|
Criticism
editAnyone want to start a criticism section? Here's some places to start from: http://superconductor.voltage.com/2009/03/updating-fips-1402.html http://www.mail-archive.com/openssl-users@openssl.org/msg58424.html TRS-80 (talk) 14:55, 24 August 2009 (UTC)
- That would be a spledid idea. The above links deal with the usability of FIPS-validated products. The other criticism is from the security point of view: can a product be secure if it is at least half a year old due to the slow validation process. A lot of bugs could be found during that time in any crypto module, so it will be vulnerable as soon at it is validated and certified for use... Pallinger (talk) 11:51, 14 January 2013 (UTC)
- Not a good idea - see WP:CRITICISM. I've renamed it. Widefox; talk 22:41, 2 January 2014 (UTC)
Outdated FIPS compliant OpenSSL version, triggers false errors with credit card vendors I'm just venting. Everything that makes the computer world more secure, also inconveniences it. So, if the government compliant FIPS openssl triggers errors during credit card site validation, then perhaps they should be called warnings. I assume if there were serious flaws in OpenSSL found, then the update would happen asap. 184.20.161.0 (talk) 15:33, 26 April 2014 (UTC).
Level Correction
editAn item I noticed recently while trying to help convey FIPS 140-2 requirements was that Level 2 not only requires enhanced physical security, it also mandates:
Security Level 2 requires, at a minimum, role-based authentication in which a cryptographic module authenticates the authorization of an operator to assume a specific role and perform a corresponding set of services. [1] Harningt (talk) 15:13, 29 September 2014 (UTC)
- ^ "FIPS PUB 140-2" (PDF). http://csrc.nist.gov/publications/PubsFIPS.html. National Institute of Standards and Technology. Retrieved 29 September 2014.
{{cite web}}
: External link in
(help)|website=
External links modified
editHello fellow Wikipedians,
I have just added archive links to one external link on FIPS 140-2. Please take a moment to review my edit. If necessary, add {{cbignore}}
after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}}
to keep me off the page altogether. I made the following changes:
- Added archive https://web.archive.org/20131227190128/http://veridicalsystems.com/blog/secure-or-compliant-pick-one/ to http://veridicalsystems.com/blog/secure-or-compliant-pick-one/
When you have finished reviewing my changes, please set the checked parameter below to true to let others know.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers. —cyberbot IITalk to my owner:Online 02:58, 9 September 2015 (UTC)