Thanks for the comments - much appreciated. The following question might be on the naive side of things, but then I'm all new to this. Since crypt() in glibc2 supports SHA-256 and SHA-512 for password, and assuming that these two are FIPS compatible, what would be the (financial) overhead of having the crypto part of glibc2 go through validation ? It sounds very odd, not to mention very expensive, but I'm asking nevertheless, in case there is a possibility. In other words, is the only practical and viable option regarding this to re-implement crypt() using EVP methods ? - thanks. Regards. -- View this message in context: http://openssl.6102.n7.nabble.com/openssl-users-FIPS-mode-restrictions-and-DES-tp57497p57527.html Sent from the OpenSSL - User mailing list archive at Nabble.com.
