Tag Archives: fips

AWS CloudHSM 支援 FIPS 140-2 Level 3 了

AWS CloudHSM 推出了一些新功能:「AWS CloudHSM Update – Cost Effective Hardware Key Management at Cloud Scale for Sensitive & Regulated Workloads」。 其中比較特別的是從以前只支援 Level 2 變成支援 Level 3 了: More Secure – CloudHSM Classic (the original model) supports the generation and use of … Continue reading

Posted in AWS, Cloud, Computer, Hardware, Murmuring, Network, Security, Service | Tagged , , , , , , , , , , , , | Leave a comment

BoringSSL 的 FIPS 140-2 驗證

看到由 Google 主導的 BoringSSL 有計劃將其中一塊申請 FIPS 140-2 的驗證計畫 (BoringCrypto 的部份):「FIPS 140-2」。 其中 FIPS 140-2 最有名的後門應該是 Dual_EC_DRBG (定義於 NIST SP 800-90A,被 FIPS 140-2 引用),所以特地講清楚他們選擇哪個演算法: FIPS 140-2 requires that one of its PRNGs be used (which they call DRBGs). In BoringCrypto, we … Continue reading

Posted in Computer, Library, Murmuring, Privacy, Security, Software | Tagged , , , , , , , , , | Leave a comment

AWS 的 CloudHSM...

AWS 推出 CloudHSM 服務:「AWS CloudHSM - Secure Key Storage and Cryptographic Operations」。 不便宜,看起來是為了需要 NIST FIPS 140-2 需求而設的吧?跑的是 Luna SA - Ethernet-Attached HSM,可以達到 Level 3 的安全性... 然後遇到安全性時的老問題,要怎麼 audit: Amazon claims that they have no access to keys stored on #AWS #CloudHSM, … Continue reading

Posted in AWS, Cloud, Computer, Hardware, Murmuring, Network, Security | Tagged , , , , , , , , | Leave a comment