|
|
|
|
|
|
by ongy
82 days ago
|
|
|
Crypto wise, fips is outdated but not horrible. Actual fips compliant (certified) gives you confidence in some basic competence of the solution. Just fips compatible (i.e. picking algos that could be fips compliant) is generally neutral to negative. I'm not 100% up to date, so that might have changed, but AEAD used to be easier if you don't follow fips than fips compatible. Still possible, but more foot guns due to regulatory lag in techniques. Overall, IMO the other top-level comment of "only fips if you have pencil pusher benefit" applies. |
|
|