5 points | by keepamovin 5 hours ago
1 comments
Windows: It queries BCryptGetFipsAlgorithmMode.
macOS: It strictly allowlists versions with valid Apple crypto certifications.
The result is if the check fails, it quits. No bundled crypto fallback. No "continue anyway."
It's a "deliberately boring" experiment to see what happens when you apply strict NIST SP 800-53 controls to a tiny, offline MVP.
It is written in Rust. The source is available for inspection.
Windows: It queries BCryptGetFipsAlgorithmMode.
macOS: It strictly allowlists versions with valid Apple crypto certifications.
The result is if the check fails, it quits. No bundled crypto fallback. No "continue anyway."
It's a "deliberately boring" experiment to see what happens when you apply strict NIST SP 800-53 controls to a tiny, offline MVP.
It is written in Rust. The source is available for inspection.