Enterasys Networks XSR-3250, XSR-1805, XSR-1850 manual XSR-18xx - Triple-DES, DES, and HMAC SHA-1

CSPs and non-

CSPs and non-

Generation

Storage

Use

critical SPs

critical SPs type

Key encryption

168-bit TDES key

External

Hard-coded in

Encrypts master

key

plaintext

encryption key

Master encryption

168-bit TDES key

Internal – using

Stored encrypted

Encrypts user data,

key

FIPS 186-2 PRNG

in NVRAM of the

certificates, and

Or

Dallas DS1687

DSA host key, and

External

real time clock

the load test HMAC

chip

SHA-1 key

DSA host key pair

160-bit DSA

Internal – using

Stored encrypted

Module

private key and

FIPS 186-2 PRNG

in Flash

authentication

1024-bit DSA

during SSHv2

public key

IKE RSA key pair

1024-bit RSA

Internal – using

Stored encrypted

Module

private/public key

FIPS 186-2 PRNG

in Flash

authentication

pair

during IKE

IKE User RSA

1024-bit RSA

External

Stored encrypted

User authentication

public keys

public key

in Flash

during IKE

Pre-shared keys

≥ 6-character pre-

External

Stored encrypted

User and module

shared key

in Flash

authentication

during IKE

IKE Diffie-Hellman

768/1024/1536-bit

Internal – using

Stored in plaintext

Key agreement

key pair

Diffie-Hellman

FIPS 186-2 PRNG

in memory

during IKE

private/public key

pair

IKE User Diffie-

768/1024/1536-bit

External

Stored in plaintext

Key agreement

Hellman public key

Diffie-Hellman

in memory

during IKE

public key

SSHv2 Diffie-

768/1024/1536-bit

Internal – using

Stored in plaintext

Key agreement

Hellman key pair

Diffie-Hellman

FIPS 186-2 PRNG

in memory

during SSHv2

private/public key

pair

SSHv2 User Diffie-

768/1024/1536-bit

External

Stored in plaintext

Key agreement

Hellman public key

Diffie-Hellman

in memory

during SSHv2

public key

SSHv2 session

168-bit TDES or

Established during

Stored in plaintext

Secure SSH traffic

keys

128/192/256-bit

the SSH key

in memory

AES keys; HMAC

exchange using

SHA-1 keys

the Diffie-Hellman

key agreement