From: Arno Wagner <wagner.arno@gmail.com>
Date: Sun, 22 Apr 2012 18:17:05 +0000 (+0200)
Subject: synced with wiki version
X-Git-Tag: upstream/1.6~294
X-Git-Url: http://review.tizen.org/git/?p=platform%2Fupstream%2Fcryptsetup.git;a=commitdiff_plain;h=e1d410953b90157cbc2d21d346493bdc463af7fe

synced with wiki version
---

diff --git a/FAQ b/FAQ
index b41d233..92370f0 100644
--- a/FAQ
+++ b/FAQ
@@ -949,6 +949,23 @@ A. Contributors
   apply.
 
 
+ * 5.16 Is LUKS FIPS-140-2 certified?
+
+  No. But that is more a problem of FIPS-140-2 than of LUKS. From a
+  technical point-of-view, LUKS with the right parameters would be
+  FIPS-140-2 compliant, but in order to make it certified, somebody
+  has to pay real money for that. And then, whenever cryptsetup is
+  changed or extended, the certification lapses and has to be
+  obtained again.
+
+  From the aspect of actual security, LUKS with default parameters
+  should be as good as most things that are FIPS-140-2 certified,
+  although you may want to make sure to use /dev/random (by
+  specifying --use-random on luksFormat) as randomness source for
+  the master key to avoid being potentially insecure in an
+  entropy-starved situation.
+
+
 6. Backup and Data Recovery