[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Question about NIST listing
|
From: |
David Highley |
|
Subject: |
Re: Question about NIST listing |
|
Date: |
Sun, 8 Jan 2006 21:45:14 -0800 (PST) |
> On Sun, 8 Jan 2006, Philip Rowlands wrote:
>
>> On Sun, 8 Jan 2006, David Highley wrote:
>
> > Is it in the plans for running the SHA2 tests to get the sha256sum
> > sha384sum and sha512sum programs listed as tested on the NIST site?
>
> Probably not. I don't recall any mention of such validation in my time
> following this mailing list, and there's nothing similar that I can see
> in the TODO file.
>
> To clarify, are you asking for coreutils' SHA implementation to be
> validated in accordance with SHAVS [1], to appear in the SHS Validation
> List [2]?
Yes, so far the only open source software to appear is openssl.
> > We have a need for them to be listed. Thank you.
>
> It seems, from a quick skim of the NIST site, that implementations must
> be tested by an approved lab. As I doubt such certification is free, a
> sponsor would likely be needed.
That is what it looked like to me as well. I will need to investigate
the certification process and cost. We were just checking to see if
there was any knowledge of effort all ready in process. If you must
recertify with each release then it maybe a lost cause.
>
>
> Cheers,
> Phil
>
> [1] http://csrc.nist.gov/cryptval/shs/SHAVS.pdf
> [2]http://csrc.nist.gov/cryptval/shs/shaval.htm
>