Rng

			STORAGE
CSP	CSP TYPE	GENERATION	And	USE
			ZEROIZATI
			ON

IKEv1/IKEv2 Diffie-	1024-bit	Generated internally	Stored in	Used in
Hellman Private key	Diffie-	during IKEv1/IKEv2	plaintext in	establishing
	Hellman	negotiation	volatile	the session key
	private key		memory;	for IPSec
			zeroized when
			session is
			closed or
			system is
			powered off

IKEv1/IKEv2 Diffie-	128 bit Octet	Generated internally	Stored in	IKEv1/IKEv2
Hellman shared secret		during IKEv1/IKEv2	plaintext in	payload
		negotiation	volatile	integrity
			memory;	verification
			zeroized when
			session is
			closed or
			system is
			powered off

ArubaOS OpenSSL RNG	Seed (16	Derived using NON-	Stored in	Seed ANSI
Seed for FIPS compliant	Bytes)	FIPS approved HW RNG	plaintext in	X9.31 RNG
ANSI X9.31, Appendix		(/dev/urandom)	volatile
A2.4 using AES-128 Key			memory only;
algorithm			zeroized on
			reboot

ArubaOS OpenSSL RNG	Seed key (16	Derived using NON-	Stored in	Seed ANSI
Seed key for FIPS	bytes, AES-	FIPS approved HW RNG	plaintext in	X9.31 RNG
compliant ANSI X9.31,	128 Key	(/dev/urandom)	volatile
Appendix A2.4 using	algorithm)		memory only;
AES-128 Key algorithm			zeroized on
			reboot

ArubaOS Cryptographic	Seed (64	Derived using NON-	Stored in	Seed 186-2
Module RNG Seed for	bytes)	FIPS approved HW RNG	plaintext in	General
FIPS compliant 186-2		(/dev/urandom)	volatile	Purpose (X
General Purpose (X			memory only;	change
change Notice); SHA-1			zeroized on	Notice); SHA-
RNG			reboot	1 RNG

ArubaOS Cryptographic	Seed Key	Derived using NON-	Stored in	Seed 186-2
Module RNG Seed key for	(64 bytes)	FIPS approved HW RNG	plaintext in	General
FIPS compliant 186-2		(/dev/urandom)	volatile	Purpose (X
General Purpose (X			memory only;	change
change Notice); SHA-1			zeroized on	Notice); SHA-
RNG			reboot	1 RNG

STORAGE

1 RNG