Cisco C3230-1W-49-K9 Hardware Guide - Page 41
Ethernet Bundling Controller EBC and Cipher Block Chaining CBC modes for both DES, Two-key K1
View all Cisco C3230-1W-49-K9 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 41 highlights
Chapter 2 Cisco 3270 Rugged Router Card The EUs are: • Public Key Execution Unit (PKEU) supporting: - RSA and Diffie-Hellman - Programmable field size up to 2048 bits - Elliptical curve cryptography • Data Encryption Standard Execution Unit (DEU) - Data Encryption Standard (DES) - Triple Data Encryption Standard (3DES) - Two-key (K1, K2) or three-key (K1, K2, K3) - Ethernet Bundling Controller (EBC) and Cipher Block Chaining (CBC) modes for both DES and 3DES • Advanced Encryption Standard Unit (AESU) - Implements the Rinjdael symmetric key cipher - Key lengths of 128, 192, and 256 bits - ECB, CBC, CCM, and AES Counter Mode (a block cipher that encrypts 128-bit blocks of data at a time with a 128-bit encryption key) • ARC Four execution unit (AFEU) - A stream cipher compatible with the RC4 algorithm - 40- to 128-bit programmable key • Message Digest Execution Unit (MDEU) - Secure Hash Algorithm (SHA) with a 160-bit or 256-bit message digest - Message Digest 5 (MD5) with a 128-bit message digest - Hash-based Message Authentication Code (HMAC) with either algorithm • Random Number Generator (RNG) • Four crypto channels, each supporting multi command descriptor chains - Static or dynamic assignment of crypto-execution units through an integrated controller - Buffer size of 256 bytes for each EU, with flow control for large data sizes Caution Zeroization is a feature that erases all potentially sensitive information from the router. It is disabled by default on the router. When Zeroization is not configured on the router, the AUX port functions as a modem port or a terminal port. Zeroization is configured through the command-line interface (CLI), but it cannot be activated through the CLI. Zeroization is activated by actuating a custom switch connected to the GPIO pins or an actuator (such as a push button) that must be attached to the AUX port. There is no way for the router to reliably determine whether a device attached to the AUX port is an actuator. Therefore, any device attached to the AUX port could potentially trigger declassification. When declassification is enabled through the CLI, we recommend that you do not use the AUX port for any function other than declassification. OL-5816-10 Cisco 3200 Series Router Hardware Reference 2-5