@bertjwregeer can you cite an example of FIPS-140 mandating a vendor who has a documented *clear* backdoor? please? =)
Replying to @attritionorg
@attritionorg RSA bsafe just got pulled, since it only implemented dual ec crap for random number stuff.
Replying to @bertjwregeer
@bertjwregeer did FIPS-140 mandate RSA BSAFE toolkits specifically?
Replying to @attritionorg
@attritionorg no, but fips 140 was a requirement and the only vendor allowed to supply the implementation that was certified was rsa bsafe
Replying to @bertjwregeer
@bertjwregeer so 2 documents/requirements would show that ultimately? can you send me links?
Replying to @attritionorg
@attritionorg nope, this is not a public project.
Replying to @attritionorg
@attritionorg yes, but the contract requiring rsa's bsafe implementation of fips 140 crypto is not public.
Replying to @bertjwregeer
@bertjwregeer that contract from the gov? if so, maybe open to FOIA?
Replying to @attritionorg
@attritionorg I wish it was open to scrutiny. Most of the requirements are insane/stupid and make no sense!
@bertjwregeer i have no doubt .gov bureaucracy has created that exact situation. would love to see it exposed