Tuesday, November 21, 2017

OpenSSL FIPS 140-2 - Part One - Security and the infinite regress fallacy

Building the FIPS object module for OpenSSL must be done in a very strict manner. Deviation from the mandated compilation instructions means we cannot consider the resulting binaries as validated. They would then require “private label” validation that costs thousands of dollars. Let’s try to avoid that, shall we?

Tuesday, November 7, 2017

Encrypting “Data At Rest” Using FIPS 140-2 Cryptographic Modules

Sensitive information falling into the wrong hands is a major security concern. The US government’s latest approach to combat this problem is to essentially encrypt everything that transmits or stores data. VPNs or secure socket layers protect data flowing across networks. Data at rest, which is data stored on physical media like hard drives, CD-Rs, DVD-Rs, USB sticks, etc., must also be protected. Hard drive encryption is easy since most modern enterprise-level operating systems include this feature. Removable storage, on the other hand, is a hodge-podge of solutions, and very few of them are compatible with each other.