Talk:FIPS 140-2

This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects:

Computing Mid‑importance This article is within the scope of WikiProject Computing, a collaborative effort to improve the coverage of computers, computing, and information technology on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.ComputingWikipedia:WikiProject ComputingTemplate:WikiProject ComputingComputing articles Mid This article has been rated as Mid-importance on the project's importance scale. This article is supported by WikiProject Computer Security (assessed as Top-importance). Things you can help WikiProject Computer Security with: edit history watch purge Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information... Answer question about Same-origin_policy Review importance and quality of existing articles Identify categories related to Computer Security Tag related articles Identify articles for creation (see also: Article requests) Identify articles for improvement Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc. Find editors who have shown interest in this subject and ask them to take a look here. Cryptography: Computer science Mid‑importance This article is within the scope of WikiProject Cryptography, a collaborative effort to improve the coverage of Cryptography on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.CryptographyWikipedia:WikiProject CryptographyTemplate:WikiProject CryptographyCryptography articles Mid This article has been rated as Mid-importance on the importance scale. This article is supported by WikiProject Computer science (assessed as Mid-importance).

Anyone want to start a criticism section? Here's some places to start from: http://superconductor.voltage.com/2009/03/updating-fips-1402.html http://www.mail-archive.com/openssl-users@openssl.org/msg58424.html TRS-80 (talk) 14:55, 24 August 2009 (UTC)[reply]

• That would be a spledid idea. The above links deal with the usability of FIPS-validated products. The other criticism is from the security point of view: can a product be secure if it is at least half a year old due to the slow validation process. A lot of bugs could be found during that time in any crypto module, so it will be vulnerable as soon at it is validated and certified for use... Pallinger (talk) 11:51, 14 January 2013 (UTC)[reply]

Not a good idea - see WP:CRITICISM. I've renamed it. Widefox; talk 22:41, 2 January 2014 (UTC)[reply]

Outdated FIPS compliant OpenSSL version, triggers false errors with credit card vendors I'm just venting. Everything that makes the computer world more secure, also inconveniences it. So, if the government compliant FIPS openssl triggers errors during credit card site validation, then perhaps they should be called warnings. I assume if there were serious flaws in OpenSSL found, then the update would happen asap. 184.20.161.0 (talk) 15:33, 26 April 2014 (UTC).[reply]

An item I noticed recently while trying to help convey FIPS 140-2 requirements was that Level 2 not only requires enhanced physical security, it also mandates:

Security Level 2 requires, at a minimum, role-based authentication in which a cryptographic module authenticates the authorization of an operator to assume a specific role and perform a corresponding set of services. ^[1] Harningt (talk) 15:13, 29 September 2014 (UTC)[reply]

Hello fellow Wikipedians,

I have just added archive links to one external link on FIPS 140-2. Please take a moment to review my edit. If necessary, add {{cbignore}} after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}} to keep me off the page altogether. I made the following changes:

• Added archive https://web.archive.org/20131227190128/http://veridicalsystems.com/blog/secure-or-compliant-pick-one/ to http://veridicalsystems.com/blog/secure-or-compliant-pick-one/

When you have finished reviewing my changes, please set the checked parameter below to true to let others know.

This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}} (last update: 18 January 2022).

• If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
• If you found an error with any archives or the URLs themselves, you can fix them with this tool.

Cheers. —^{cyberbot II}_{Talk to my owner:Online} 02:58, 9 September 2015 (UTC)[reply]