On Thu August 6 2009, Carter Browne wrote: > I saw a reference to steps to breaking AES-256 encryption, but that if > the implementation were NIST Certified, there should be no concerns. > However if the implementation were not certified, there could be a > problem. In reviewing the NIST Certification list, the only OpenSSL > versions that were certified and were not in some vendors firmware were > the FIPS versions. As I do not use the FIPS version and I do use > AES-256 with OpenSSL, should I be concerned? Would it be worth the > effort to switch tot he FIPS version? Any input on this issue would be > appreciated. >
FIPS certification is a governmental procedure. The actual algorithms do not change - only the list of what is allowed. If you exclude the algorithms that FIPS excludes - your cryptographically the same (although not regulatory the same). Mike > Thanks, > > Carter > ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
