On 10/20/2011 10:18 AM, Arno Wagner wrote: > I don't think anybody ever invested the money needed > to find out. Well, maybe you noticed some changes in dmcrypt and even cryptsetup which were directly closely related to this problem. AFAIK FIPS 140-2 is always related to some hw config, but in principle (and if you define cryptographic boundaries properly) dm-crypt and LUKS have no serious issues here. The main problem is proper RNG and crypto use (you have to use only approved RNG and only certified crypto library), and it cannot be isolated from the kernel certification etc. So there are no principal problems I know about but still some changes are needed (some of them are really formal). Milan _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
