tagged 
FIPS 140-2, cryptography, security in cryptography, risk management, software
FIPS 140-2, cryptography, security in cryptography, risk management, software Entries in FIPS 140-2 (2)
Redux: FIPS 140 dash What?
Saturday, January 9, 2010 at 10:05AM There must be something in the water. A few weeks ago we heard about a lack of encryption on the US Predator drone video downlinks. This week we hear about an attack vector on encrypted USB hard drives. Cryptography is getting attention. :) In this case the big deal is about a FIPS 140-2 certification of these USB drives and the fact that they are vulnerable to an attack.
"How did this happen?", one might ask? The answer can be found by in the FIPS 140-2 Level 2 certification requirements. The certification process does not require inclusion of the system into which the USB drive is plugged, meaning your computer. The result is that vetting the security of passphrase communication path between your computer and the USB drive was probably not part of FIPS 140-2 certification.
For Your Consideration – Cryptographic Resolutions
Saturday, January 9, 2010 at 9:41AM In the spirit of the new year, I posted some candidate resolutions for the use of cryptography over on the McAfee Risk and Compliance blog. :)
The full article can also be found here. :)
Happy New Year! -Eric
tagged FIPS 140-2, PKI, security in Writing, cryptography, risk management
FIPS 140-2, PKI, security in Writing, cryptography, risk management