Comparison between FIPS module implementations

Most cryptographic libraries support running in Federal Information Processing Standard (FIPS) 140-2 mode. For cryptographic operations to be FIPS 140 compliant, only certain algorithms and key sizes can be used. For example, use of RSA keys 1536 bit long is not allowed.

Some libraries require the application using it to know about those limitations and not initiate them in FIPS mode while others will refuse to perform operations with FIPS 140-non-compliant cryptographic primitives.

The goal of the work is to learn the NIST FIPS140-2 requirements for applications, and check and compare the behavior of different libraries when operating under FIPS mode.

That comparison will include acceptable algorithms, key sizes, cipher modes of operations and so on.


You must be logged in to perform this action!

Hubert Kario

Location: Brno