From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id aWxVOEFX4V5p for ; Wed, 29 Feb 2012 20:24:14 +0100 (CET) Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mail.saout.de (Postfix) with ESMTP for ; Wed, 29 Feb 2012 20:24:13 +0100 (CET) Message-ID: <4F4E7B56.9090801@redhat.com> Date: Wed, 29 Feb 2012 20:24:06 +0100 From: Milan Broz MIME-Version: 1.0 References: <9933F8F05BE54E4C94A0C56FD682EDC9018CE0@HVXDSP23.us.lmco.com> In-Reply-To: <9933F8F05BE54E4C94A0C56FD682EDC9018CE0@HVXDSP23.us.lmco.com> Content-Type: text/plain; charset="windows-1252"; format="flowed" Content-Transfer-Encoding: quoted-printable Subject: Re: [dm-crypt] LUKS encryption standards List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: "Bennett, Justin" Cc: "dm-crypt@saout.de" On 02/29/2012 05:23 PM, Bennett, Justin wrote: > I=92d like to use the LUKS-based encryption that is available during > the installation of RHEL 5 (the OS we=92ll be using going forward) but > I need to know some specific information regarding the encryption > standards that are met by LUKS. Specifically, the customer requires > that the encryption meet the standards set forth by the United States > Dept. of Commerce in FIPS-140-2 > (http://en.wikipedia.org/wiki/FIPS_140-2). Hi, As you already found, RHEL5 has no FIPS certified module for disk volume encryption. For RHEL6, there is such module in validation process (based on LUKS/cryptsetup/dm-crypt). But anyway, this is really question for Red Hat support channel. > I=92m wondering if someone can tell me whether the current cryptsetup > or dm-crypt offerings support this or not. I tried looking through a > list of validated cryptographic modules kept by the NIST, but I > didn=92t have any luck. Also check modules in process page. Milan