EldoS | Feel safer!

Software components for data protection, secure storage and transfer

NIST certification for AES encryption

Also by EldoS: RawDisk
Access locked and protected files in Windows, read and write disks and partitions and more.
#34261
Posted: 08/19/2015 05:19:33
by Manoj Jain (Basic support level)
Joined: 02/28/2013
Posts: 94

Hello,

One of the customer is asking for a certification that encryption used is indeed AES 128 or AES 256.

On Google search I found about third parties certification as per NISL.

Have you taken any such s=certificate that we can directly show to the customer ?

or what would you suggest?
#34262
Posted: 08/19/2015 05:27:29
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Could you give us a link to the description of such NISL certification.

Quote
One of the customer is asking for a certification that encryption used is indeed AES 128 or AES 256.

SecureBlackbox is compatible with different third-party software, so indeed it uses correct AES implementation.
#34263
Posted: 08/19/2015 05:29:12
by Manoj Jain (Basic support level)
Joined: 02/28/2013
Posts: 94

http://web.townsendsecurity.com/bid/33265/AES-Encryption-and-NIST-Certification
#34264
Posted: 08/19/2015 05:32:30
by Manoj Jain (Basic support level)
Joined: 02/28/2013
Posts: 94

http://www.dekart.com/company/certificates/

http://www.dekart.com/fileadmin/company/Dekart%20NIST-CSE%20AES%20Algorithm%20Certificate.PDF
#34267
Posted: 08/19/2015 06:50:37
by Ken Ivanov (EldoS Corp.)

Hi Manoj,

Thank you for the details.

We currently do not hold any NIST certifications for our AES compounds. Still, every care was taken to ensure that our AES implementation is correct and implemented in accordance with AES standards and industry's best practices.

We also aim to keep our AES functionality compliant and secure by constantly running code assessments and compatibility tests with other implementations.

Ken
#34268
Posted: 08/19/2015 07:02:53
by Manoj Jain (Basic support level)
Joined: 02/28/2013
Posts: 94

Can you plan for such certification. It will be useful for all your customers as they will not require taking certification themselves.

What do you suggest us to do as we need to go for certification as it is client requirement.
#34271
Posted: 08/19/2015 07:27:33
by Ken Ivanov (EldoS Corp.)

Manoj,

We will discuss a possibility of applying for such certification within our team. If you could let me know the exact certification your customer is enquiring about (as there are loads of them at NIST's web site), and any reason behind that (e.g. governing body or regulation requirements)?

Thanks,

Ken
#34273
Posted: 08/19/2015 07:34:53
by Manoj Jain (Basic support level)
Joined: 02/28/2013
Posts: 94

Seems that they have evaluated some other product which provides such certificate. That's it.

Customer do not have any specific reason. Just to be sure about quality of encryption.

Even I am trying to find what should I do ?
I am closely associated with certification business and do management system audits for ISO 27000, ISO 14000 and ISO 9000.
But algorithm certification is something new for me too.

Will wait for your feedback .
#34278
Posted: 08/19/2015 08:50:36
by Ken Ivanov (EldoS Corp.)

Right, thank you for the information.

In fact, the field of cryptographic module certifications used to be fairly promising on some stage, but is not as popular nowadays. This is primarily because cryptographic systems became way more complex in recent years, and the fact that some of their modules are certified does not contribute towards the overall security of such systems.

Ken
Also by EldoS: MsgConnect
Cross-platform protocol-independent communication framework for building peer-to-peer and client-server applications and middleware components.

Reply

Statistics

Topic viewed 3106 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!