[strongSwan-dev] NIST SP800-131a
Dale H Anderson
dalea at us.ibm.com
Fri Jan 11 17:45:47 CET 2013
Last year, I started a conversation about strongSwan's compliance with the
NIST SP800-131a encryption standard. I believe all equipment sold to the
U.S. government in 2014 will have to be compliant with this standard. I
also believe that commercial interests, especially financial institutions,
will follow with similar requirements.
We are currently using strongSwan version 4.6.1 with the built-in crypto
routines. While I can specify the correct encryption algorithms and key
lengths, I have learned that may not be enough for compliance. Under the
covers, the correct hashing algorithms must be used along with good
entropy sources for the random number generator. Here is a link to a NIST
site with more information on these standards.
I am looking for information on what strongSwan currently supports.
Assuming it is using the built-in crypto routines, and it is operating in
a compliant operating system, here are my questions.
1. Does strongSwan 4.6.1 comply with NIST SP800-131a?
2. If not, does any version of strongSwan comply with NIST SP800-131a?
3. If not, are there any plans for a version of strongSwan that will
comply with NIST SP800-131a?
If the answer is no to all three questions, then we will look into using
the OpenSSL or libgcrypt routines with strongSwan. Thank you for your
Dale H. Anderson