Enterasys Networks XSR-1850, XSR-1805, XSR-3250 manual Cryptographic Key Management

Cryptographic Key Management

The modules implement the following FIPS-approved algorithms:

| Type | Algorithm | Standard | Certificate Number |
|---|---|---|---|
| Symmetric | AES (CBC) | FIPS 197 | Cert. #48, #106, #107 |
| | Triple-DES (CBC and ECB) | FIPS 46-3 | Cert. #158, #218, #219, #220 |
| | DES (CBC) | FIPS 46-3 | Cert. #204, #238, #239, #240 |
| Asymmetric | DSA | FIPS 186-2 Change Notice 1 | Cert. #97 |
| | RSA Digital Signature | PKCS #1 | Vendor affirmed |
| Hash function | SHA-1 | FIPS 180-1 | Cert. #143, #197, #198, #199 |
| MAC | HMAC SHA-1 | FIPS 198 | Cert. #143, #197, #198, #199; vendor affirmed |
| PRNG | Appendix 3.1 (Algorithm 1) for computing DSA keys; Appendix 3.1 for general purpose | FIPS 186-2 Change Notice 1 | N/A |

Table 7 – FIPS-Approved Algorithm supported by the Module

Note: DES should be used for legacy purposes only.

The modules implement the following non-FIPS-approved algorithms:

HMAC MD5

MD5

MD4

40-bit and 128-bit RC4

CAST

Blowfish

Twofish

ARCfour

Diffie-Hellman (permitted for use in a FIPS-approved mode of operation)

Cryptographic algorithms are implemented in software and in hardware by

© Copyright 2003 Enterasys Networks Page 16 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
