[strongSwan-dev] NIST SP800-131a
Dale H Anderson
dalea at us.ibm.com
Fri Jan 11 17:45:47 CET 2013
Hello,
Last year, I started a conversation about strongSwan's compliance with the
NIST SP800-131a encryption standard. I believe all equipment sold to the
U.S. government in 2014 will have to be compliant with this standard. I
also believe that commercial interests, especially financial institutions,
will follow with similar requirements.
We are currently using strongSwan version 4.6.1 with the built-in crypto
routines. While I can specify the correct encryption algorithms and key
lengths, I have learned that may not enough for compliance. Under the
covers, the correct hashing algorithms must be used along with good
entropy sources for the random number generator. Here is a link to a NIST
site with more information on these standards.
http://csrc.nist.gov/publications/PubsSPs.html.
I am looking for information on what strongSwan has currently supports.
Assuming it is using the built-in crypto routines, and it is operating in
a compliant operation system, here are my questions.
.
1. Does strongSwan 4.6.1 comply with NIST SP800-131a?
2. If not, does any version of strongSwan comply with NIST SP800-131a?
3. If not, are there any plans for a version of strongSwan that will
comply with NIST SP800-131a?
If the answer is no to all three questions, then we will look into using
the OpenSSL or libgcrypt routines with strongSwan. Thank you for your
help.
Regards,
Dale
Dale H. Anderson
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/dev/attachments/20130111/7265c9e1/attachment.html>
More information about the Dev
mailing list