Global Security Watch > Securing Sensitive Data: Understanding FIPS

[Computer Internet Security eLamb :: Main Page] FIPS are all the federal documents addressing how  sensitive data will be processed. Without these standards any government agency could use any kind of crypto they wanted with no regard of whether or not it is a SHA-1 that has just been cracked by the Chinese. 

Some related posts from Technorati and Google.

http://blogs.bartdesmet.net/bart [B# .NET Blog] Windows Vista Security - About Secure Startup, TPM, EFS, Syskey and much more: In order to secure the encryption key so that only the owning user can decrypt the file, the FEK itself is encrypted using public/private key encryption (RSA) using the public EFS key for the user. If multiple users need to able to access the file (which is the case when using recovery agents - by default the administator is a recovery agent - for instance), there will be one encrypted FEK for each user (encrypted with that user's public key).

http://blog.hishambaz.com [Blog.hishambaz.com] Easy Cryptography With EntLib: Under the Configuration App Block node, there is an Encryption Settings node to which you can add a new File Key Algorithm Storage Provider node. This allows you to specify a single algorithm and key to encrypt configuration data. 

Schneier.com[Schneier.com] Schneier on Security: The Legacy of DES: The Data Encryption Standard, or DES, was a mid-'70s brainchild of the National Bureau of Standards: the first modern, public, freely available encryption algorithm. For over two decades, DES was the workhorse of commercial cryptography.

Infoworld.comhttp://www.infoworld.com [Infoworld.com] Black Hat: Oracle's crypto not secure, researcher says | InfoWorld ...: The encryption features that come standard with Oracle's database, called DBMS Crypto and DBMS Obfuscation Toolkit, can be circumvented, he said in an interview.

Reflected tags on Technorati: Blog, ,