Skip to Content.
Sympa Menu

ad-assurance - [AD-Assurance] RE:

Subject: Meeting the InCommon Assurance profile criteria using Active Directory

List archive

[AD-Assurance] RE:

Chronological Thread 
  • From: Brian Arkills <>
  • To: "" <>
  • Subject: [AD-Assurance] RE:
  • Date: Wed, 13 Mar 2013 15:55:43 +0000
  • Accept-language: en-US
  • Authentication-results:; dkim=neutral (message not signed) header.i=none

Answer from Tim Myers (Security Program Manager | Common Criteria and FIPS 140-2 Security Evaluations):


FIPS local policy doesn’t appear to impact PEK encryption. Ultimately, the Windows OS source code is the source of the answer.


We probably want to keep Tim's name handy for other questions.


From: [mailto:] On Behalf Of Brian Arkills
Sent: Friday, March 08, 2013 11:03 AM
Subject: [AD-Assurance] FW:


I sent the following question off to the DS MVPs and AD product team representatives. I've gotten a response back that there is a special FIPS mailing list within Microsoft where my question has been sent along to. I'll let folks know if/when I get something back on this.


From: Brian Arkills
Sent: Friday, March 08, 2013 9:34 AM


Does anyone know whether this FIPS setting also affects the encryption used by Active Directory for password encryption (and for the PEK encryption)?


I suspect it doesn't, but I'd be really happy to learn that it does. :)


If it doesn't, I think the KB should be modified to note that it doesn't affect all encryption processes that Windows uses so it isn't misleading.



  • [AD-Assurance] RE:, Brian Arkills, 03/13/2013

Archive powered by MHonArc 2.6.16.

Top of Page