FIPS 140-2 in BEAM apps

Erlang's crypto module has supported a "FIPS mode" since release 20.0. Drew will discuss why you may care about FIPS 140-2 encryption, ways to integrate it into your tests suites and gotchas to compliance. He will discuss how simply putting crypto in FIPS mode is not enough.

Learn how dependencies and built-in libraries can sneak non-FIPS crypto into your application. Drew will also cover some general techniques to detect security issues in your code.

OBJECTIVES

  • Familiarize audience with FIPS 140-2 cryptography mode and why they may care about it
  • Provide examples of how to validate a BEAM application's compatibility with FIPS 140-2 mode enabled

TARGET AUDIENCE

  • Software vendors that have the US Federal government as a potential customer
  • Software developers looking to validate that their application runs without dependencies on insecure cryptographic algorithms