
Remember when HN was losing its collective mind over Dual_EC_DRBG? That was delivered to customers with a FIPS validated software stack.


Both of these things can be true at the same time:

- "Don't use unproven cryptography" is a reasonable policy.

- Policymaking can be subverted by bad actors.


Yes, but neither of those things has anything to do with FIPS 140-3.

FIPS validation addresses the compliance problem of needing validation. Beyond that, the benefits are ambiguous at best.



