Hi there,

From a technical POV LUKS easily can achieve everything demanded by
FIPS-140-2 for the technical stuff.

That being said: One major thing about 140-2 considers physical device
security (tampering detection) which naturally is outside of LUKS' scope.
Further, you'd probably need a certification, to really conform to
FIPS-140-2.

The key management part etc. is (again) completely outside of LUKS' scope,
it's a question of procedure.

Concerning the actual encryption algorithm, hashing methods etc. LUKS can
achieve everything FIPS-140-2 demands, as long as you choose wisely.

So, in general, everything from FIPS-140-2 that is limited to the area of
implementation (software), LUKS can generally achieve, but that's just a
rather small part of what your customer is asking for, as far as I can tell.

Regards

-Sven

On Wed, February 29, 2012 17:23, Bennett, Justin wrote:
> Hello all,
>
> At my work, we have a requirement from our customer to provide total hard
> drive encryption on pieces of our system that are considered mobile
> (laptops, for instance). Previously, we have been using a commercial
> product to achieve this, but that product has since been discontinued in
> favor of a hardware based product that the company is now using.
>
> I'd like to use the LUKS-based encryption that is available during the
> installation of RHEL 5 (the OS we'll be using going forward) but I need to
> know some specific information regarding the encryption standards that are
> met by LUKS. Specifically, the customer requires that the encryption meet
> the standards set forth by the United States Dept. of Commerce in
> FIPS-140-2 (http://en.wikipedia.org/wiki/FIPS_140-2).
>
> I'm wondering if someone can tell me whether the current cryptsetup or
> dm-crypt offerings support this or not. I tried looking through a list of
> validated cryptographic modules kept by the NIST, but I didn't have any
> luck.
>
> Any help you can offer would be greatly appreciated.
>
> Thank you,
> Justin Bennett
> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt
>