User guide
Aruba Networks Security Target
Page 40 of 67
#
Name
CSPs type
Generation
Storage and
Zeroization
Use
1
Key Encryption Key
(KEK)
Triple-DES 168-bit key
Hardcoded during
manufacturing
Stored in Flash.
Zeroized by using
command ‘wipe out
flash’
Encrypts IKEv1/IKEv2
Pre-shared key,
RADIUS server
shared secret, RSA
private key, ECDSA
private key, 802.11i
pre-shared key and
Passwords.
2
DRBG entropy input
SP800-90a DRBG (512
bits)
Derived using NON-
FIPS approved HW
RNG
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG initialization
3
DRBG seed
SP800-90a DRBG (384
bits)
Generated per SP800-
90A using a derivation
function
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG initialization
4
DRBG Key
SP800-90a (256 bits)
Generated per SP800-
90A
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG
5
DRBG V
SP800-90a (128 bits)
Generated per SP800-
90A
Stored in plaintext in
volatile memory.
Zeroized on reboot.
DRBG
6
RNG seed
FIPS 186-2 RNG Seed
(512 bits)
Derived using NON-
FIPS approved HW
RNG
Stored in plaintext in
volatile memory.
Zeroized on reboot.
Seed 186-2 General
purpose (x-change
Notice); SHA-1 RNG
7
RNG seed key
FIPS 186-2 RNG Seed
key (512 bits)
Derived using NON-
FIPS approved HW
RNG
Stored in plaintext in
volatile memory.
Zeroized on reboot.
Seed 186-2 General
purpose (x-change
Notice); SHA-1 RNG