About half of the cryptographic modules submitted for Federal Information Processing Standard validation have security flaws, a survey by the National Institute of Standards and Technology has found. Almost all evaluated products had documentation errors, said Annabelle Lee, director of NIST's . . .
About half of the cryptographic modules submitted for Federal Information Processing Standard validation have security flaws, a survey by the National Institute of Standards and Technology has found. Almost all evaluated products had documentation errors, said Annabelle Lee, director of NIST's Cryptographic Module Validation Program.

Speaking today at the Federal Information Assurance Conference at the University of Maryland, Lee cited the impact the FIPS validation program is having on cryptography vendors. She said 80 of 164 crypto modules submitted for evaluation had flaws involving physical security, random number generation or key management. Of 332 algorithms validated, 88, or about one-fourth, had security flaws, and about two-thirds had documentation errors.

The link for this article located at gcn.com is no longer available.