Nokia IP265 Security Guide - Page 19
FIPS-Approved

Data encryption:
• Advanced Encryption Standard (AES) in CBC mode (128 or 256 bit keys) - according to NIST FIPS PUB 197.
• Triple DES (3DES) in CBC mode (168 bit keys) - according to NIST FIPS PUB 46-3 (withdrawn) and NIST Special Publication 800-67.

Only the FIPS-approved Triple DES and AES encryption algorithms are to be used in FIPS mode. DES and 1 key Triple DES are not FIPS-approved algorithms and should not be used in FIPS mode.

Data packet integrity:
• HMAC-SHA-1 (20 byte) - per NIST FIPS PUB 198, RFC 2104 (HMAC: Keyed-Hashing for Message Authentication), and RFC 2404 (using HMAC-SHA-1-96 within ESP and AH).

Data hashing:
• Secure Hash Algorithm (SHA-1) - according to NIST FIPS PUB 180-1

Digital signature:
• Digital Signature Algorithm (DSA) - according to NIST FIPS PUB 186-2 with Change Notice 1

Digital signatures and Key transport:
• RSA - all digital signature implementations are according to PKCS #1

The RSA key wrapping methodologies provide the following encryption strengths during key transport:
SSHv1: provides between 57 bits and 80 bits of encryption strength (default is 70 bits of encryption strength).
SSHv2: provides between 80 and 112 bits of encryption strength.
TLS: provides 80 bits of encryption strength.

© Copyright 2005, 2006, 2007 Nokia. Page 19 of 43.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.