http://www.mxisecurity.com/blog/cto/2008/07/14/fips-validated-is-more-than-a-check-box/ Just another WordPress weblog Fri, 10 Sep 2010 01:32:39 +0000 http://wordpress.org/?v=2.5.1 http://www.mxisecurity.com/blog/cto/2008/07/14/fips-validated-is-more-than-a-check-box/#comment-5261 Solutions for Portable Security » Blog Archive » The Security of Authentication Fri, 08 Jan 2010 23:22:44 +0000 http://www.mxisecurity.com/blog/cto/?p=7#comment-5261 [...] The best place for the authentication to occur in such a device is within the hardware.  Of course the more secure the hardware the better.  Some people are suggesting that the FIPS certification is meaningless given that the recent security flaw is associated with FIPS validated devices.   There is nothing wrong with the FIPS process but it must be understood that it only deals with what happens inside the cryptographic boundary and there is much more to consider when looking at overall security (see this blog entry for some more insight http://www.mxisecurity.com/blog/cto/2008/07/14/fips-validated-is-more-than-a-check-box/). [...] [...] The best place for the authentication to occur in such a device is within the hardware.  Of course the more secure the hardware the better.  Some people are suggesting that the FIPS certification is meaningless given that the recent security flaw is associated with FIPS validated devices.   There is nothing wrong with the FIPS process but it must be understood that it only deals with what happens inside the cryptographic boundary and there is much more to consider when looking at overall security (see this blog entry for some more insight http://www.mxisecurity.com/blog/cto/2008/07/14/fips-validated-is-more-than-a-check-box/). [...]

]]>