by jnwatson
3153 days ago
FIPS 140-2 is not all that it is cracked up to be these days. Older algorithms, embarrassing failures in certified products, and general distrust of NIST since the Dual EC PRNG catastrophe mean that the only folks that should be using FIPS 140-2 are those legally required to. (Disclosure: I once took a hardware product through the FIPS process.)

https://en.wikipedia.org/wiki/FIPS_140-2#Security_levels
It's a subsection of the larger FIPS 140.
Tamper-resistant/tamper-evident (and not being able to simply pop the HSM in your pocket while walking by) are important considerations around physical security.
These look great for home or SMB use, but wouldn't work in PCI-DSS or Classified environments.