FIPS 140-2 in BEAM apps
Erlang's crypto module has supported a "FIPS mode" since release 20.0. Drew will discuss why you may care about FIPS 140-2 encryption, ways to integrate it into your tests suites and gotchas to compliance. He will discuss how simply putting crypto in FIPS mode is not enough.
Learn how dependencies and built-in libraries can sneak non-FIPS crypto into your application. Drew will also cover some general techniques to detect security issues in your code.
OBJECTIVES
- Familiarize audience with FIPS 140-2 cryptography mode and why they may care about it
- Provide examples of how to validate a BEAM application's compatibility with FIPS 140-2 mode enabled
TARGET AUDIENCE
- Software vendors that have the US Federal government as a potential customer
- Software developers looking to validate that their application runs without dependencies on insecure cryptographic algorithms