by Spooky23 331 days ago
Remember when HN was losing its collective mind over Dual_EC_DRBG? That was delivered to customers with a FIPS validated software stack.

Both of these things can be true at the same time:

- "Don't use unproven cryptography" is a reasonable policy.

- Policymaking can be subverted by bad actors.

Yes, but neither of those things has anything to do with FIPS 140-3.

FIPS validation addresses the compliance problem of needing validation. Beyond that, the benefits are ambiguous at best.