Monthly Archives: July 2009

Secure or Compliant, Pick One

I’m on record as stating that FIPS 140-2 validated software is necessarily less secure than its equivalent unvalidated implementation, all other things being equal.  There are several factors conspiring to force this unfortunate outcome: 1) Exposure:  the culture of non-disclosure and non-transparency in the CMVP means that only a handful of people ever even have […]

Opinions expressed herein are not necessarily those of Veridical Systems, OpenSSL, DoD, the author's evil twin Skippy, or anyone else possibly including the author himself.