Entries in FIPS 140-2 (2)

Redux: FIPS 140 dash What?

There must be something in the water. A few weeks ago we heard about a lack of encryption on the US Predator drone video downlinks. This week we hear about an attack vector on encrypted USB hard drives. Cryptography is getting attention. :) In this case the big deal is about a FIPS 140-2 certification of these USB drives and the fact that they are vulnerable to an attack.

"How did this happen?", one might ask. The answer can be found in the FIPS 140-2 Level 2 certification requirements. The certification process does not require inclusion of the system into which the USB drive is plugged, meaning your computer. The result is that vetting the security of the passphrase communication path between your computer and the USB drive was probably not part of the FIPS 140-2 certification.


For Your Consideration – Cryptographic Resolutions

In the spirit of the new year, I posted some candidate resolutions for the use of cryptography over on the McAfee Risk and Compliance blog. :)


  • The full article can also be found here. :)

    Happy New Year! -Eric
