Subject: Meeting the InCommon Assurance profile criteria using Active Directory
- From: Brian Arkills <>
- To: "" <>
- Subject: [AD-Assurance] RE: http://support.microsoft.com/kb/811833
- Date: Fri, 26 Apr 2013 16:51:11 +0000
- Accept-language: en-US
- Authentication-results: sfpop-ironport01.merit.edu; dkim=neutral (message not signed) header.i=none
Here's that contact name ...
On Behalf Of Brian Arkills
Sent: Wednesday, March 13, 2013 8:56 AM
Subject: [AD-Assurance] RE: http://support.microsoft.com/kb/811833
Answer from Tim Myers (Security Program Manager | Common Criteria and FIPS 140-2 Security Evaluations):
FIPS local policy doesn’t appear to impact PEK encryption. Ultimately, the Windows OS source code is the source of the answer.
We probably want to keep Tim's name handy for other questions.
I sent the following question off to the DS MVPs and AD product team representatives. I've gotten a response back that there is a special FIPS mailing list within Microsoft where my question has been sent along
to. I'll let folks know if/when I get something back on this.
Does anyone know whether this FIPS setting also affects the encryption used by Active Directory for password encryption (and for the PEK encryption)?
I suspect it doesn't, but I'd be really happy to learn that it does. :)
If it doesn't, I think the KB should be modified to note that it doesn't affect all encryption processes that Windows uses so it isn't misleading.
- [AD-Assurance] RE: http://support.microsoft.com/kb/811833, Brian Arkills, 04/26/2013
Archive powered by MHonArc 2.6.16.