- security News Forums
- > NIST-certified USB Flash drives with har...
- > Re: It actually probably meets FIPS 140-2 Level 2...
Posting 
- Thread
- Reply
- New Topic
- Show Thread
CryptoXYZ
(2 postings since 06 Jan 2010)
Re: It actually probably meets FIPS 140-2 Level 2... 06 January 2010 22:41
more..
The host PC in this scenario would have been considered "out of
scope" since the authentication information is being communicated via
the token's USB interface.
Another poster commented that for the best assurance, a Common
Criteria certification should have been performed. That testing
would have tested BOTH the host PC and the USB token in combination
with each other and exposed this vulnerability. FIPS 140-2 is not a
very strong standard in the first place.
- Posting
- Thread
- Reply
- New Topic
- Show Thread
- Threaded View
- Flat View
