[dm-crypt] EXTERNAL: Re: LUKS encryption standards

Bennett, Justin justin.bennett at lmco.com
Wed Feb 29 20:45:03 CET 2012


Thanks for your response.  I don't think we'll be able to jump to RHEL 6, unfortunately.  

It sounds like you believe that the Redhat support we have would be able to help me come up with something that is FIPS certified, is that correct?  If so, I can definitely start working with them (I'm not used to having support available, so I hadn't even though of it).


-----Original Message-----
From: Milan Broz [mailto:mbroz at redhat.com] 
Sent: Wednesday, February 29, 2012 2:24 PM
To: Bennett, Justin
Cc: dm-crypt at saout.de
Subject: EXTERNAL: Re: [dm-crypt] LUKS encryption standards

On 02/29/2012 05:23 PM, Bennett, Justin wrote:
> I'd like to use the LUKS-based encryption that is available during
> the installation of RHEL 5 (the OS we'll be using going forward) but
> I need to know some specific information regarding the encryption
> standards that are met by LUKS. Specifically, the customer requires
> that the encryption meet the standards set forth by the United States
> Dept. of Commerce in FIPS-140-2
> (http://en.wikipedia.org/wiki/FIPS_140-2).


As you already found, RHEL5 has no FIPS certified module for disk
volume encryption.

For RHEL6, there is such module in validation process
(based on LUKS/cryptsetup/dm-crypt).

But anyway, this is really question for Red Hat support channel.

> I'm wondering if someone can tell me whether the current cryptsetup
> or dm-crypt offerings support this or not. I tried looking through a
> list of validated cryptographic modules kept by the NIST, but I
> didn't have any luck.

Also check modules in process page.


More information about the dm-crypt mailing list