Re: [dm-crypt] LUKS encryption standards

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Milan Broz <mbroz@redhat.com>
To: "Bennett, Justin" <justin.bennett@lmco.com>
Cc: "dm-crypt@saout.de" <dm-crypt@saout.de>
Subject: Re: [dm-crypt] LUKS encryption standards
Date: Wed, 29 Feb 2012 20:24:06 +0100	[thread overview]
Message-ID: <4F4E7B56.9090801@redhat.com> (raw)
In-Reply-To: <9933F8F05BE54E4C94A0C56FD682EDC9018CE0@HVXDSP23.us.lmco.com>

On 02/29/2012 05:23 PM, Bennett, Justin wrote:
> I’d like to use the LUKS-based encryption that is available during
> the installation of RHEL 5 (the OS we’ll be using going forward) but
> I need to know some specific information regarding the encryption
> standards that are met by LUKS. Specifically, the customer requires
> that the encryption meet the standards set forth by the United States
> Dept. of Commerce in FIPS-140-2
> (http://en.wikipedia.org/wiki/FIPS_140-2).

Hi,

As you already found, RHEL5 has no FIPS certified module for disk
volume encryption.

For RHEL6, there is such module in validation process
(based on LUKS/cryptsetup/dm-crypt).

But anyway, this is really question for Red Hat support channel.

> I’m wondering if someone can tell me whether the current cryptsetup
> or dm-crypt offerings support this or not. I tried looking through a
> list of validated cryptographic modules kept by the NIST, but I
> didn’t have any luck.

Also check modules in process page.

Milan

next prev parent reply	other threads:[~2012-02-29 19:24 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-02-29 16:23 [dm-crypt] LUKS encryption standards Bennett, Justin
2012-02-29 19:09 ` Sven Eschenberg
2012-02-29 19:51   ` [dm-crypt] EXTERNAL: " Bennett, Justin
2012-02-29 22:40     ` Sven Eschenberg
2012-03-01 13:19       ` Bennett, Justin
2012-02-29 19:24 ` Milan Broz [this message]
2012-02-29 19:45   ` Bennett, Justin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4F4E7B56.9090801@redhat.com \
    --to=mbroz@redhat.com \
    --cc=dm-crypt@saout.de \
    --cc=justin.bennett@lmco.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.