@fasterthanlime sometimes things like #fips compliance matter more than just speed...
Ever learned a new #programming language _just_ to debug a #security issue?... and then found out the compiler/interpreter needs to be compiled with #FIPS enabled? 🤦 Looking at you, #erlang!
Watching the Murdaugh trial live feed and saw the South Carolina court needs to activate (and apparently update) #Windows.
Can't wait until #RockyLinux and #AlmaLinux get their #FIPS validations so I can say there is a "free as in beer" replacement available, but in the meantime plenty of paid enterprise distros are validated. Would love to see more #FOSS in public use.
Now it's time to review the talks on #fosdem. One to highlight is the talk about #FIPS and #OpenSSL https://fosdem.org/2023/schedule/event/security_fips_in_openssl/ a lot of interesting information for developers that use libraries and crypto tools.
Edwards-curve Digital Signature Algorithm (EdDSA) is a digital signature scheme using a variant of Schnorr signature based on twisted Edwards curves. (Wikipedia)
#cryptography #security #FIPS
https://en.wikipedia.org/wiki/EdDSA
FIPS 186-5 is out. It includes EdDSA (Ed25519, Ed448).
https://public-inspection.federalregister.gov/2023-02273.pdf
#Heidelberg is getting the on-demand call taxi #Fips from #RNV, specifically in Ziegelhausen, Schlierbach and Rohrbach.
https://www.rnz.de/region/heidelberg_artikel,-heidelberg-fips-bus-soll-shuttle-in-drei-stadtteilen-werden-_arid,1042341.html
#ÖPNV
Hey @mprorock, are you aware of anyone who has written a step-by-step HOWTO on creating a fully https://www.w3.org/TR/did-core/ conformant #DIDDocument (did.json) using:
❖ #OpenSSL
❖ #FIPS compliant cryptographic primitives
❖ Stored in .well-known for #DIDResolution per the #did:web Method Spec @ https://w3c-ccg.github.io/did-method-web/
... of which, You Sir, are an editor! 🙂
Anyone else had the joy of troubleshooting #fips, #windows, and #ruby at the same time? https://thomaspowell.com/2022/11/16/fips-fingerprint-does-not-match/
It would be a great accelerator for #sbom adoption if there was a way to leverage them to accelerate #NIAP / #FIPS / #FedRAMP
If one was able to digitally attest to known approved versions of software libraries in their SBOM, you would think it could reduce their certification burden.
The current NIAP/CC/FedRAMP process is endlessly broken and this could be a great way to start to modernize it.
Are there any tools or vendors to help with determining FIPS compliance (I assume 140-3, but still figuring that out) for a large set of third-party libraries? So far, all I've gotten for internal guidance is "Figure out if our 3rd party dependencies are FIPS compliant", so starting from scratch here.
I would create a reasonable introductory post, especially since I just moved servers, but I'm trying to get #openssl with #fips support running on #windows #ruby and, tbh, I'm flinging more spaghetti plates at the wall than the billionaire who owns that other site. But I hope I at least have a sense of humility about it.
Though I hate having to use this link, it is clear #redhat is a large social and developer culture promoter of toxic #github and this offers an example of what I mean. I am a bit glad redhat was bounced from many federal contracts, though they were replaced by #canonical. The key is #fips certification is required for federal linux uses. Github - all your code belong to copilot ;).
https://developers.redhat.com/devnation/tech-talks/github-makeover
I hear @IBM has set up #centos 9 streams. Given many federal agencies had already rejected rhel 8 and decided to upgrade from rhel 7 to @Canonical, even canceling ongoing contracts that proposed upgrading products to rhel 8, while requiring #fips compliant ubuntu for future things instead, I have no need to touch it, and have strong doubts ibm/ @redhat will remain a major distro player in the future.
RT @iamamoose@twitter.com
Our FIPS 140-2 validation report for the OpenSSL FIPS Provider was submitted to the CMVP on September 17.
https://keypair.us/2021/09/tested-configurations-for-openssl-3-0/ #openssl30 #fips #openssl
🐦🔗: https://twitter.com/iamamoose/status/1440415419710377989
It is possible to produce #fips certified binaries and native crypto with #golang, which I only recently learned, and part of why I looked at it again and chose using it once I got sane project environments working in it. While @google only offers a docker image with the boring ssl patches built on it, an easy way to get a full go dev environment with fips compliance is to eviscerate the docker image, and copy its /usr/local/go to your amd64 linux distro directly.