David Stutzman wrote: > Hopefully these will be relatively easy questions for you guys. I'm > asking about the internal softtoken. > > Is there a max length for a cert nickname?
I think NSS imposes no maximum. I suspect that values longer than about 15KB will not work. :) In practice the name should be short enough to be easily displayed on one line in a cert selection dialog. > What is the min/max password length when the module is operating in FIPS > 140-2 mode? Wan-Teh will have to answer that. I think it has changed recently. It seems that the requirements have changed since the last time NSS was FIPS 140 evaluated, or at least our new test lab interprets them very differently. > I've read in the past somewhere something about needing to enforce the > minimum password length for FIPS mode in the future as it's not being > done now. I have some modules in FIPS mode and when I query the minimum > password length with PK11_GetMinimumPwdLength it reports 7 but I am > currently using a password of length 4 and everything is working just > fine. That doesn't sound right (to me). Are you sure you're running in FIPS mode? > I just want to make sure things will work ok in the future when > the final FIPS approved version of NSS comes out. -- Nelson B _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
