[strongSwan-dev] NIST SP800-131a

Dale H Anderson dalea at us.ibm.com
Fri Jan 11 17:45:47 CET 2013


Last year, I started a conversation about strongSwan's compliance with the 
NIST SP800-131a encryption standard. I believe all equipment sold to the 
U.S. government in 2014 will have to be compliant with this standard. I 
also believe that commercial interests, especially financial institutions, 
will follow with similar requirements.

We are currently using strongSwan version 4.6.1 with the built-in crypto 
routines. While I can specify the correct encryption algorithms and key 
lengths, I have learned that may not be enough for compliance. Under the 
covers, the correct hashing algorithms must be used along with good 
entropy sources for the random number generator. Here is a link to a NIST 
site with more information on these standards. 

I am looking for information on what strongSwan currently supports. 
Assuming it is using the built-in crypto routines, and it is operating in 
a compliant operating system, here are my questions.
1. Does strongSwan 4.6.1 comply with NIST SP800-131a?
2. If not, does any version of strongSwan comply with NIST SP800-131a?
3. If not, are there any plans for a version of strongSwan that will 
comply with NIST SP800-131a?

If the answer is no to all three questions, then we will look into using 
the OpenSSL or libgcrypt routines with strongSwan. Thank you for your 



Dale H. Anderson