|
|
|
|
|
|
by fivre
3200 days ago
|
|
|
This is a rather sensational title for an article that amounts to "Login.gov does not use FIPS 140-2-compliant cryptography". Its main argument (aside from point 5) appears to be that scrypt is used in multiple locations, without passing judgement on scrypt itself. Given that this is a US government-run system, this is still a compliance problem, but that's a different issue. |
|
|