Nokia IP265 Security Guide - Page 19



FIPS-Approved

Data encryption:
  • Advanced Encryption Standard (AES) in CBC mode (128 or 256 bit keys) – according to NIST FIPS PUB 197.
  • Triple DES (3DES) in CBC modes (168 bit keys) – according to NIST FIPS PUB 46-3 (withdrawn) and NIST Special Publication 800-67.

Only the FIPS-approved Triple DES and AES encryption algorithms are to be used in FIPS mode. DES and 1 key Triple DES are not FIPS-approved algorithms and should not be used in FIPS mode.

Data packet integrity:
  • HMAC-SHA-1 (20 byte) – per NIST FIPS PUB 198, RFC 2104 (HMAC: Keyed-Hashing for Message Authentication), and RFC 2404 (using HMAC-SHA-1-96 within ESP and AH).

Data hashing:
  • Secure Hash Algorithm (SHA-1) – according to NIST FIPS PUB 180-1

Digital signature:
  • Digital Signature Algorithm (DSA) – according to NIST FIPS PUB 186-2 with Change Notice 1

Digital signatures and Key transport:
  • RSA – all digital signature implementations are according to PKCS #1

The RSA key wrapping methodologies provide the following encryption strengths during key transport:
    ◦ SSHv1: provides between 57 bits and 80 bits of encryption strength (default is 70 bits of encryption strength).
    ◦ SSHv2: provides between 80 and 112 bits of encryption strength.
    ◦ TLS: provides 80 bits of encryption strength.

© Copyright 2005, 2006, 2007
Nokia
Page 19 of 43
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
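
The "Data encryption" rule above (168 bit Triple DES keys only; DES and 1 key Triple DES not to be used in FIPS mode) can be checked on key material before it is loaded. The following is an added example, not part of the Nokia document or its software: the function names and sample keys are constructed for illustration, and treating only the 3-key form as allowed is this example's strict reading of the "168 bit keys" listing.

```python
import hmac

def effective_bits(k: bytes) -> bytes:
    """Clear the parity bit (LSB) of each byte: 64 stored bits -> 56 key bits."""
    return bytes(b & 0xFE for b in k)

def split_bundle(key: bytes):
    """Return (K1, K2, K3) for an 8-, 16- or 24-byte Triple DES key."""
    if len(key) == 8:        # one DES key reused three times
        return key, key, key
    if len(key) == 16:       # two-key form: K3 = K1
        return key[:8], key[8:], key[:8]
    if len(key) == 24:
        return key[:8], key[8:16], key[16:]
    raise ValueError("Triple DES key must be 8, 16 or 24 bytes")

def classify_3des_key(key: bytes) -> str:
    """Classify a key bundle by comparing the 56 effective bits of each part."""
    k1, k2, k3 = (effective_bits(k) for k in split_bundle(key))
    # Triple DES computes E_K3(D_K2(E_K1(x))). If K1 == K2 or K2 == K3,
    # one encrypt/decrypt pair cancels and a single DES operation remains.
    if hmac.compare_digest(k1, k2) or hmac.compare_digest(k2, k3):
        return "1-key (DES-equivalent)"
    if hmac.compare_digest(k1, k3):
        return "2-key (112-bit)"
    return "3-key (168-bit)"

def allowed_in_fips_mode(key: bytes) -> bool:
    """Assumption of this example: accept only the 168 bit keying the page lists."""
    return classify_3des_key(key) == "3-key (168-bit)"

# Constructed sample key parts (not real keys).
K_A = bytes.fromhex("0123456789abcdef")
K_B = bytes.fromhex("23456789abcdef01")
K_C = bytes.fromhex("456789abcdef0123")
# Same 56 key bits as K_A, but every parity bit flipped: a plain byte
# comparison would treat it as a different key.
K_A_PARITY_FLIPPED = bytes(b ^ 0x01 for b in K_A)

if __name__ == "__main__":
    for label, key in [("independent", K_A + K_B + K_C),
                       ("K3 = K1", K_A + K_B + K_A),
                       ("all equal", K_A * 3),
                       ("K2 = K1 up to parity", K_A + K_A_PARITY_FLIPPED + K_C)]:
        print(f"{label:22s} {classify_3des_key(key):24s} "
              f"allowed={allowed_in_fips_mode(key)}")
```

The last sample shows why the comparison masks parity bits: the bundle looks like three distinct 8-byte values but provides only single DES strength.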