FIPS PUB 140-2 certification
j at w1.fi
Mon Mar 23 06:44:05 EDT 2009
On Fri, Mar 20, 2009 at 09:41:02AM +0100, Daim, Harald wrote:
> Has somebody experience with the FIPS PUB 140-2 certification of a system using the open source modules
> hostapd and wpa_supplicant?

I have not heard of anyone doing this (not that this would necessarily
mean that it has not happened). Anyway, going through FIPS 140-2
validation would take quite a bit of effort both in modifying
hostapd/wpa_supplicant to meet certain requirements and then just going
through the validation process. Using a FIPS 140-2 validated version of
OpenSSL (in FIPS mode) to replace some of the crypto code in
hostapd/wpa_supplicant would likely be a good starting point for this,
but unlikely to be enough.

In general, compliance with FIPS 140-2 has not been a design criterion
for the implementation, but I would be open to getting in changes that
would make it easier to go through the process (e.g., by using special
build options to do this). FIPS 140-2 does not really make much sense
for most use cases, but obviously it is needed for certain market areas.

Jouni Malinen PGP id EFC895FA