> On Jul 28, 2016, at 11:00 AM, pratyush parimal
> wrote:
>
> Hi Thomas,
>
> Thanks for your response! It clears up matters a lot :)
>
> There's one thing that I thought of though -- even though I'm generating the
> salt via non-OpenSSL means, the actual function that I'm using for hashing i
Hi Thomas,
Thanks for your response! It clears up matters a lot :)
There's one thing that I thought of though -- even though I'm generating
the salt via non-OpenSSL means, the actual function that I'm using for
hashing is "SHA512" from FIPS OpenSSL.
Does the mere usage of salt that was generated
> On Jul 27, 2016, at 8:18 PM, pratyush parimal
> wrote:
>
> Hi all,
>
> I work on a consumer application which is striving to be fips-140-2 compliant.
>
> I'm using OpenSSL as recommended in the fips guide by invoking
> fips_mode_set(). However, in certain parts of the same application, I'm
Hi all,
I work on a consumer application which is striving to be fips-140-2
compliant.
I'm using OpenSSL as recommended in the fips guide by invoking
fips_mode_set(). However, in certain parts of the same application, I'm
using my own non-OpenSSL random number generator to generate salts for
hash
