Month: September 2015

Many technology vendors implement OpenSSH with OpenSSL in their embedded system or appliance prior to starting a FIPS 140-2 validation. During the FIPS testing process, the vendor discovers that the FIPS Laboratory must verify the OpenSSH implementation: 1. Uses FIPS Approved cryptographic algorithms (with CAVP certificates) 2. Includes self-tests for the FIPS Approved algorithms 3. […]

Read MoreMore Tag

Version 3.6.8 of the wolfSSL embedded SSL/TLS library has been released and is now available for download. Release 3.6.8 of wolfSSL fixes two high severity vulnerabilities. It also includes bug fixes and new features including: – Two High level security fixes, all users SHOULD update. a) If using wolfSSL for DTLS on the server side […]

Read MoreMore Tag

Attack on RSA CRT:A recent paper written by Florian Weimer of the Red Hat Product Security group shows a fault attack on RSA. Many cryptographic libraries that perform RSA operations use an optimization called CRT (Chinese Remainder Theorem). The attack is based off of creating a fault during the CRT process, for example; by causing […]

Read MoreMore Tag

FIPS 140-2 revalidation testing requires the implemented algorithms to successfully complete the cryptographic algorithm validation process on the target operating environment (algorithm certificates for tested operating environments are here: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program). The cryptographic module must also successfully complete operational testing on the operating environment with a FIPS testing laboratory. The wolfCrypt FIPS 140-2 certificate #2425 will soon include all […]

Read MoreMore Tag

Lighttpd (pronounced lighty) is a web server that has a small footprint size in comparison to other web servers. Setting up Lighttpd allows for handling HTTP requests and with the addition of TLS/SSL also handling HTTPS requests. The benefit of having a small footprint size is that it takes up less memory for total installation […]

Read MoreMore Tag