Cisco 7609-S User Guide - Page 18

Cryptographic Key Management - manual

Page 18 highlights

Algorithm     IOS
AES           1634
Triple-DES    1070
SHS           1439
HMAC          961
DRBG          88
RSA           808

Table 7 Approved Cryptographic Algorithms

2.5.2 Non-FIPS Approved Algorithms Allowed in FIPS Mode

The module supports the following non-FIPS approved algorithms which are permitted for use in the FIPS approved mode:

  • Diffie-Hellman (key agreement; key establishment methodology provides between 80 and 156 bits of encryption strength)
  • RSA (key wrapping; key establishment methodology provides between 80 and 112 bits of encryption strength)

2.5.3 Non-Approved Cryptographic Algorithms

The module supports the following non-approved cryptographic algorithms that shall not be used in FIPS mode of operation:

  • DES
  • DES MAC
  • MD5
  • MD4
  • HMAC MD5
  • Non Approved RNGs

2.6 Cryptographic Key Management

The router securely administers both cryptographic keys and other critical security parameters such as passwords. All keys and CSPs are also protected by the password-protection provided by the crypto-officer logins and can be zeroized by either the Crypto Officer or User. Zeroization consists of overwriting the memory that stored the key or refreshing the volatile memory. Keys are both manually and electronically distributed but entered electronically. Manual distribution is used for pre-shared keys whereas SSH is used for electronic distribution.

The module supports the following types of key management schemes:

© Copyright 2011 Cisco Systems, Inc. This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
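The non-approved list in section 2.5.3 can be checked against a router configuration. The following is an added example, not taken from the Cisco manual: a Python audit of IOS-style ISAKMP and IPsec lines for DES, MD5 and HMAC MD5. The keyword spellings, the sample configuration, and the rule that a policy block with no encryption line falls back to DES are assumptions of this example.

```python
# Added example, not from the Cisco manual. Keyword spellings and the DES
# default for ISAKMP policies are assumptions about IOS configuration syntax.
TRANSFORMS = {"esp-des": "DES", "esp-md5-hmac": "HMAC MD5", "ah-md5-hmac": "HMAC MD5"}

def audit(config):
    """Return sorted (line_number, algorithm, reason) findings."""
    findings = []
    policy = None  # [first_line, saw_encryption_line] while inside a policy block
    def close_policy():
        nonlocal policy
        # Assumed: a default cipher is not written out, so its absence means DES.
        if policy and not policy[1]:
            findings.append((policy[0], "DES", "no encryption line, default assumed"))
        policy = None

    for num, raw in enumerate(config.splitlines(), 1):
        words = raw.lower().split()
        if not raw[:1].isspace():  # any top-level line ends an open policy block
            close_policy()
        if words[:3] == ["crypto", "isakmp", "policy"]:
            policy = [num, False]
        elif policy and len(words) >= 2 and words[0] in ("encryption", "encr"):
            policy[1] = True
            if words[1] == "des":  # exact token, so "3des" is not flagged
                findings.append((num, "DES", "ISAKMP encryption"))
        elif policy and words[:2] == ["hash", "md5"]:
            findings.append((num, "MD5", "ISAKMP hash"))
        elif words[:3] == ["crypto", "ipsec", "transform-set"]:
            for w in words[4:]:  # skip the transform-set name at index 3
                if w in TRANSFORMS:
                    findings.append((num, TRANSFORMS[w], "IPsec transform " + w))
    close_policy()
    return sorted(findings)

# Constructed sample configuration (not from a real device).
SAMPLE = """\
crypto isakmp policy 10
 encr aes 256
 hash sha
crypto isakmp policy 20
 hash md5
crypto isakmp policy 30
 encr 3des
!
crypto ipsec transform-set TS-OK esp-aes 256 esp-sha-hmac
crypto ipsec transform-set TS-OLD esp-des esp-md5-hmac
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Policy 20 is reported twice: once for its MD5 hash and once because it has no encryption line, which a plain text search for "des" would miss.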

