Nokia IP265 Security Guide - Page 20
Key agreement / Key establishment, Check Point VPN-1 NGX R60, Pseudo-Random Number Generation,
View all Nokia IP265 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 20 highlights
Only methodologies providing a minimum of 80 bits of encryption strength are allowed in FIPS mode. Encryption strength is determined in accordance with FIPS 140-2 Implementation Guidance 7.5 and NIST Special Publication 800-57 (Part 1). Key agreement / Key establishment: • The Diffie-Hellman key agreement key establishment methodology used by the different firmware implementations present in the module (used for IKE and SSHv2) provides the following encryption strengths: o IPSO: methodology provides between 57 and 112 bits of encryption strength o Check Point VPN-1 NGX (R60): methodology provides between 70 and 128 bits of encryption strength. Only methodologies providing a minimum of 80 bits of encryption strength are allowed in FIPS mode. Encryption strength is determined in accordance with FIPS 140-2 Implementation Guidance 7.5 and NIST Special Publication 800-57 (Part 1). Pseudo-Random Number Generation: • ANSI X9.31 PRNG This module also implements the following PRNGs, which are not used for cryptographic purposes: • ARC4-based PRNG • Simple Linear Congruential PRNG The module implements the following protocols permitted for use in a FIPS-approved mode of operation: Session security: • SSHv1 (configured to use FIPS-approved algorithms) • SSHv2 (configured to use FIPS-approved algorithms) • TLS v1.0 (configured to use FIPS-approved algorithms) according to RFC 2246 • IPSec (configured to use FIPS-approved algorithms) © Copyright 2005, 2006, 2007 Nokia Page 20 of 43 This document may be freely reproduced and distributed whole and intact including this Copyright Notice.