Cisco 7609-S User Guide - Page 19

© Copyright 2011 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
19
1. Pre-shared key exchange via electronic key entry. Triple-DES/AES key and HMAC-SHA-1 key are exchanged and entered electronically.
2. Diffie-Hellman key exchange is used to establish the Triple-DES or AES keys during SSHv2 exchange.

All pre-shared keys are associated with the CO role that created the keys, and the CO role is protected by a password. Therefore, the CO password is associated with all the pre-shared keys. The Crypto Officer needs to be authenticated to store keys. All Diffie-Hellman (DH) keys agreed upon for individual tunnels are directly associated with that specific tunnel only, via the SSH protocol.

RSA public keys are entered into the module using digital certificates, which contain relevant data such as the name of the public key's owner; this associates the key with the correct entity.

All other keys are associated with the user/role that entered them.

The module supports the following keys and critical security parameters (CSPs):
General Keys/CSPs

User password
  Algorithm: Password
  Size: 8 characters
  Description: Used to authenticate User role
  Origin: Configured by Crypto Officer
  Storage: NVRAM (plaintext)
  Zeroization Method: Zeroized by overwriting with new password

Enable password
  Algorithm: Password
  Size: 8 characters
  Description: Used to authenticate Crypto Officer role
  Origin: Configured during module initialization
  Storage: NVRAM (plaintext)
  Zeroization Method: Zeroized by overwriting with new password

RADIUS secret
  Algorithm: Shared Secret
  Size: 128 bits
  Description: Used to authenticate RADIUS server to module
  Origin: Configured by Crypto Officer
  Storage: NVRAM (plaintext)
  Zeroization Method: Zeroized by "# no radius-server key"

TACACS+ secret
  Algorithm: Shared Secret
  Size: 128 bits
  Description: Used to authenticate TACACS+ server to module
  Origin: Configured by Crypto Officer
  Storage: NVRAM (plaintext)
  Zeroization Method: Zeroized by "# no tacacs-server key"

DRBG Seed
  Algorithm: SP 800-90
  Size: 128 bits
  Description: This is the seed for SP 800-90 DRBG.
  Origin: Generated by entropy source via the CTR_DRBG derivation function
  Storage: DRAM (plaintext)
  Zeroization Method: Power cycle the device
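The table above says where each NVRAM-resident CSP lives and how it is zeroized, but an operator still has to confirm that a zeroization actually took effect. The following is an added example, not code from Cisco or from this security policy: it audits a constructed IOS-style running configuration for the CSPs named in the table and simulates the documented "no radius-server key" / "no tacacs-server key" zeroization commands, checking that the matching line is gone afterwards. The configuration text and the line patterns are assumptions about IOS syntax (the key values are placeholders), not data from the page.

```python
"""Audit a running-config excerpt against the CSP table on this page.

Added example, not part of the Cisco security policy. The sample configuration
is constructed and the line patterns are assumptions about IOS syntax.
"""
import re

# Constructed sample running-config excerpt (placeholder key values, not real output).
SAMPLE_CONFIG = """\
hostname fips-router
enable password EXAMPLE-ENABLE
username admin password EXAMPLE-USER
radius-server host 192.0.2.10
radius-server key EXAMPLE-RADIUS
tacacs-server host 192.0.2.11
tacacs-server key EXAMPLE-TACACS
line vty 0 4
 login local
"""

# CSP name (as in the table) -> regex for the configuration line that holds it.
# All four are listed on this page as stored in NVRAM in plaintext, i.e. they
# are exactly the lines that must disappear from the configuration when zeroized.
CSP_PATTERNS = {
    "User password": re.compile(r"^username \S+ (?:password|secret) "),
    "Enable password": re.compile(r"^enable (?:password|secret) "),
    "RADIUS secret": re.compile(r"^radius-server key "),
    "TACACS+ secret": re.compile(r"^tacacs-server key "),
}

# Zeroization commands quoted in the table. The two passwords are zeroized by
# overwriting with a new value, so they have no "no" form here.
ZEROIZE_COMMANDS = {
    "RADIUS secret": "no radius-server key",
    "TACACS+ secret": "no tacacs-server key",
}


def find_csps(config):
    """Return the set of CSP names whose configuration line is present."""
    lines = config.splitlines()
    return {name for name, pat in CSP_PATTERNS.items()
            if any(pat.match(line) for line in lines)}


def apply_zeroization(config, command):
    """Simulate a "no <prefix>" command by dropping lines that start with <prefix>.

    Only lines beginning with the exact prefix are removed, so for example
    "radius-server host ..." survives "no radius-server key".
    """
    if not command.startswith("no "):
        raise ValueError("zeroization command must be a 'no' form")
    prefix = command[len("no "):]
    kept = [line for line in config.splitlines() if not line.startswith(prefix)]
    return "\n".join(kept) + "\n"


def zeroize_and_verify(config, csp_name):
    """Apply the table's command for csp_name and confirm the CSP is gone.

    Returns (new_config, cleared). 'cleared' is the check an operator would
    make after zeroization: the CSP no longer appears in the stored config.
    """
    new_config = apply_zeroization(config, ZEROIZE_COMMANDS[csp_name])
    cleared = csp_name not in find_csps(new_config)
    return new_config, cleared


if __name__ == "__main__":
    present = find_csps(SAMPLE_CONFIG)
    print("CSPs present before zeroization:", sorted(present))
    cfg = SAMPLE_CONFIG
    for name in ZEROIZE_COMMANDS:
        cfg, ok = zeroize_and_verify(cfg, name)
        print(f"{name}: zeroized={ok}")
    print("CSPs remaining:", sorted(find_csps(cfg)))
```

The point of the check is that on this module the RADIUS and TACACS+ secrets are configuration lines in NVRAM, so their zeroization is a configuration change and is verifiable the same way: the line must be absent from the stored configuration afterwards. The two passwords are zeroized by overwriting rather than by a "no" command, so the audit only reports their presence.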