Nokia IP265 Security Guide - Page 20



Only methodologies providing a minimum of 80 bits of encryption strength are allowed in FIPS mode. Encryption strength is determined in accordance with FIPS 140-2 Implementation Guidance 7.5 and NIST Special Publication 800-57 (Part 1).

Key agreement / Key establishment:

• The Diffie-Hellman key agreement key establishment methodology used by the different firmware implementations present in the module (used for IKE and SSHv2) provides the following encryption strengths:
  o IPSO: methodology provides between 57 and 112 bits of encryption strength
  o Check Point VPN-1 NGX (R60): methodology provides between 70 and 128 bits of encryption strength.

Only methodologies providing a minimum of 80 bits of encryption strength are allowed in FIPS mode. Encryption strength is determined in accordance with FIPS 140-2 Implementation Guidance 7.5 and NIST Special Publication 800-57 (Part 1).

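The 80-bit floor above can be checked per Diffie-Hellman group. The following is an added example, not part of the Nokia document: it assumes the general-number-field-sieve strength estimate associated with FIPS 140-2 IG 7.5, applied to the modulus size only (private-exponent size is ignored). The modulus sizes are constructed sample values that this page does not state.

```python
import math

# Minimum encryption strength allowed in FIPS mode, as stated on this page.
FIPS_MIN_BITS = 80


def strength_bits(modulus_bits: int) -> int:
    """Estimate the strength of finite-field DH with the given modulus size.

    Assumption: GNFS-based estimate (the formula used with IG 7.5), where
    n = ln(modulus). The result is rounded to whole bits because the raw
    value for a 1024-bit modulus sits almost exactly on 80.
    """
    n = modulus_bits * math.log(2)
    work = 1.923 * n ** (1 / 3) * math.log(n) ** (2 / 3) - 4.69
    return round(work / math.log(2))


def allowed_in_fips_mode(modulus_bits: int) -> bool:
    """True when the estimated strength meets the 80-bit minimum."""
    return strength_bits(modulus_bits) >= FIPS_MIN_BITS


def audit(modulus_sizes):
    """Return {modulus_bits: (strength_bits, allowed)} for each size."""
    return {
        bits: (strength_bits(bits), allowed_in_fips_mode(bits))
        for bits in modulus_sizes
    }


# Constructed sample input: modulus sizes a DH configuration might offer.
SAMPLE_MODULUS_SIZES = [512, 768, 1024, 1536, 2048]

if __name__ == "__main__":
    for bits, (strength, ok) in audit(SAMPLE_MODULUS_SIZES).items():
        verdict = "allowed" if ok else "NOT allowed in FIPS mode"
        print(f"{bits:>5}-bit modulus: ~{strength} bits, {verdict}")
```

Under this estimate, 512-bit and 768-bit moduli give about 57 and 70 bits, which matches the lower bounds quoted for IPSO and Check Point VPN-1 NGX (R60), and 1024 bits is the smallest sample size that reaches the 80-bit minimum.
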
Pseudo-Random Number Generation:

• ANSI X9.31 PRNG

This module also implements the following PRNGs, which are not used for cryptographic purposes:

• ARC4-based PRNG
• Simple Linear Congruential PRNG

The module implements the following protocols permitted for use in a FIPS-approved mode of operation:

Session security:

• SSHv1 (configured to use FIPS-approved algorithms)
• SSHv2 (configured to use FIPS-approved algorithms)
• TLS v1.0 (configured to use FIPS-approved algorithms) according to RFC 2246
• IPSec (configured to use FIPS-approved algorithms)

© Copyright 2005, 2006, 2007 Nokia. Page 20 of 43. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.