
Citation please. There are multiple standards that implement PFS in the FIPS specs.


Fair enough, the ones I was involved with implementing/complying with (FIPS 140-2) ruled out things like DH(E) key exchange.

We had to comply with that standard to sell to the federal government at the time.

Things may well have changed.


ECDHE is standard for FIPS these days.



