The National Institute of Standards and Technology has approved an open-source library of encryption algorithms for use on sensitive government networks, the Open Source Software Institute announced this month. The cryptographic module of OpenSSL (https://www.openssl.org:443/ ), an open-source version of Secure . . .
The National Institute of Standards and Technology has approved an open-source library of encryption algorithms for use on sensitive government networks, the Open Source Software Institute announced this month. The cryptographic module of OpenSSL (https://www.openssl.org:443/ ), an open-source version of Secure Sockets Layer encryption, has passed Federal Information Processing Standard 140-2 Level 1 tests. The library in version 0.9.7b of OpenSSL was validated--FIPS serves as validation only for encryption modules, not entire software packages.

U.S. federal agencies must use FIPS-compliant products to secure networks carrying unclassified but sensitive data.

The OpenSSL library uses the Advanced Encryption Standard, the Data Encryption Standard, the Digital Signature Algorithm, FIPS-mode RSA and the FIPS-qualified Secure Hash Algorithm-1, or SH-1.

Software testing was sponsored by the Defense Department's Defense Medical Logistics Standard Support Program, Hewlett-Packard Co., OSSI, PreVal Specialists Inc., OpenSSL developers and the Domus IT Security Laboratory of Ottawa, which did the validation testing.

The link for this article located at GCN is no longer available.