Cryptographic Key Management

The modules implement the following FIPS-approved algorithms:

Type

Algorithm

Standard

Certificate Number

Symmetric

AES (CBC)

FIPS 197

Cert. #48, #106, #107

 

Triple-DES (CBC and

FIPS 46-3

Cert. #158, #218, #219,

 

ECB)

 

#220

 

DES (CBC)

FIPS 46-3

Cert. #204, #238, #239,

 

 

 

#240

Asymmetric

DSA

FIPS 186-2 Change

Cert. #97

 

 

Notice 1

 

 

RSA Digital Signature

PKCS #1

Vendor affirmed

Hash function

SHA-1

FIPS 180-1

Cert. #143, #197, #198,

 

 

 

#199

MAC

HMAC SHA-1

FIPS 198

Cert. #143, #197, #198,

 

 

 

#199; vendor affirmed

PRNG

Appendix 3.1 (Algorithm

FIPS 186-2 Change

N/A

 

1) for computing DSA

Notice 1

 

 

keys

 

 

 

Appendix 3.1 for

 

 

 

general purpose

 

 

Table 7 – FIPS-Approved Algorithm supported by the Module

Note: DES should be used for legacy purposes only.

The modules implement the following non-FIPS-approved algorithms:

HMAC MD5

MD5

MD4

40-bit and 128-bit RC4

CAST

Blowfish

Twofish

ARCfour

Diffie-Hellman (permitted for use in a FIPS-approved mode of operation)

Cryptographic algorithms are implemented in software and in hardware by

© Copyright 2003 Enterasys Networks Page 16 of 25

This document may be freely reproduced and distributed whole and intact including this Copyright Notice.

Page 15 Page 17
Page 16
Image 16
Enterasys Networks XSR-1850, XSR-1805, XSR-3250 manual Cryptographic Key Management
Page 15 Page 17
Top Page Image Contents