I saw a reference to steps to breaking AES-256 encryption, but that if the implementation were NIST Certified, there should be no concerns. However if the implementation were not certified, there could be a problem. In reviewing the NIST Certification list, the only OpenSSL versions that were certified and were not in some vendors firmware were the FIPS versions. As I do not use the FIPS version and I do use AES-256 with OpenSSL, should I be concerned? Would it be worth the effort to switch tot he FIPS version? Any input on this issue would be appreciated.
Thanks, Carter -- Carter Browne CBCS cbro...@cbcs-usa.com 781-721-2890 ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
