[openssl-users] FIPS mode restrictions and DES

jonetsu jonetsu at teksavvy.com
Mon Apr 13 15:33:09 UTC 2015

Thanks for the comments - much appreciated.

The following question might be on the naive side of things, but then I'm
all new to this.  Since crypt() in glibc2 supports SHA-256 and SHA-512 for
password, and assuming that these two are FIPS compatible, what would be the
(financial) overhead of having the crypto part of glibc2 go through
validation ?  It sounds very odd, not to mention very expensive, but I'm
asking nevertheless, in case there is a possibility.  In other words, is the
only practical and viable option regarding this to re-implement crypt()
using EVP methods ?  - thanks.


View this message in context: http://openssl.6102.n7.nabble.com/openssl-users-FIPS-mode-restrictions-and-DES-tp57497p57527.html
Sent from the OpenSSL - User mailing list archive at Nabble.com.

More information about the openssl-users mailing list