Our Products:   CompleteFTP  edtFTPnet/Free  edtFTPnet/PRO  edtFTPj/Free  edtFTPj/PRO
0 votes
in FAQ: CompleteFTP by (47.1k points)
retagged by
Is CompleteFTP FIPS-140 certified?

1 Answer

0 votes
by (20.7k points)
Best answer

People often ask us if CompleteFTP is FIPS-140 certified.

The answer is no, but from from version 6.3.0, CompleteFTP will run correctly when Use FIPS compliant algoritms for encryption, hashing, and signing, is enabled on the Windows machine it is installed on. Applications are permitted to disable FIPS compliance, and CompleteFTP does this so that it can still be run.

Karl Levinson at SecLists.Org outlines the reasons why we have chosen not to pursue FIPS-140 compliance.

This quote explains the main reason why our products are not FIPS-140 certified:

FIPS certification is probably expensive and time consuming for the vendor, so that the products that get it would tend to be older products from larger, more monolithic companies, which may not necessarily guarantee you're getting superlative security.

And here's an illustration of how FIPS-140 certification can actually result in a lower level of security:

With MS Windows, for example, you probably don't want to enable "FIPS-compliant encryption mode," because an older, weaker encryption algorithm will be used for EFS disk encryption, rather than newer, stronger but uncertified protocols.

- Hans Andersen (EnterpriseDT)

by (100 points)
The link seems no longer valid (I get a completely blank page) and I'm curious for your reasons as FIPS-140 certification would go a long way to getting completeFTP accepted as a viable solution in my company. Can you provide another link to the content?