[Mono-dev] FIPS 140 cryptography

Sebastien Pouliot sebastien.pouliot at gmail.com
Thu Oct 11 08:17:12 EDT 2007


Hello Vladimir,

On Fri, 2007-10-05 at 09:02 -0400, Vladimir Giszpenc wrote:
> Hi,
> 
> The 100% managed implementation of Mono.Security is an elegant solution but
> the U.S. government may not be as trusting as I am.  Are there any plans to
> get official FIPS 140-2 certification?  

Yes and no. 

Yes. It's been discussed a few times in the past and everyone agrees it
would be nice to have.

No. The short story is that "it's a big, long and costly project" and
that there's been, so far, not much demand for it (wrt other Mono
features).

> This would go a long way to ensuring
> net worthiness.

I totally agree :)


While it's less elegant (imho) you can still use FIPS140 certified
crypto in Mono by wrapping an existing toolkit (e.g. nss) in C# [1] and
using this as a replacement [2] for Mono's crypto (split in both
Mono.Security and mscorlib).


[1] which is exactly what MS is doing on Windows: the FIPS140 crypto
comes from CryptoAPI (managed stuff isn't certified) and wrapped in the
class library.

[2] it's possible to remap cryptographic algorithms using machine.config
(so all mono tools and *correctly* written applications/libraries will
be using your own crypto).


Sebastien

> Thanks,
> 
> Vladimir Giszpenc
> DSCI Contractor Supporting 
> US Army CERDEC S&TCD IAD Tactical Network Protection Branch
> (732) 532-8959
> 
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.ximian.com
> http://lists.ximian.com/mailman/listinfo/mono-devel-list
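
The remapping mentioned in footnote [2], as an added example that is not part of the original message: a small C# audit program that checks which implementation each way of obtaining SHA-1 actually returns once machine.config has been remapped. The wrapper type `Example.Fips.Sha1Wrapper` and assembly `Example.Fips` are hypothetical placeholders for a C# wrapper around a certified toolkit.

```csharp
// Assumed machine.config fragment (type and assembly names are hypothetical
// placeholders for a C# wrapper around a FIPS 140 certified toolkit):
//
//   <configuration>
//     <mscorlib>
//       <cryptographySettings>
//         <cryptoNameMapping>
//           <cryptoClasses>
//             <cryptoClass FipsSha1="Example.Fips.Sha1Wrapper, Example.Fips" />
//           </cryptoClasses>
//           <nameEntry name="SHA1" class="FipsSha1" />
//           <nameEntry name="System.Security.Cryptography.SHA1" class="FipsSha1" />
//         </cryptoNameMapping>
//       </cryptographySettings>
//     </mscorlib>
//   </configuration>
using System;
using System.Security.Cryptography;

static class CryptoMappingAudit
{
    // Namespace prefix of the hypothetical wrapper the fragment above maps to.
    const string ApprovedPrefix = "Example.Fips.";

    static bool Check(string how, object algorithm)
    {
        string type = algorithm == null ? "(not mapped)" : algorithm.GetType().FullName;
        bool ok = type.StartsWith(ApprovedPrefix, StringComparison.Ordinal);
        Console.WriteLine("{0,-40} {1,-4} {2}", how, ok ? "OK" : "FAIL", type);
        return ok;
    }

    static int Main()
    {
        bool all = true;
        // Name-based factories consult the cryptoNameMapping section.
        all &= Check("CryptoConfig.CreateFromName(\"SHA1\")", CryptoConfig.CreateFromName("SHA1"));
        all &= Check("HashAlgorithm.Create(\"SHA1\")", HashAlgorithm.Create("SHA1"));
        all &= Check("SHA1.Create()", SHA1.Create());
        // Direct instantiation names a concrete class and never consults the
        // mapping, so this line reports FAIL whatever machine.config says.
        all &= Check("new SHA1Managed()", new SHA1Managed());
        return all ? 0 : 1; // non-zero exit: some path bypasses the remapped crypto
    }
}
```

The last check is the case the "*correctly* written" qualifier is about: code that constructs a concrete algorithm class bypasses the remapping and has to be found by review rather than fixed by configuration.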
