Specifications
© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
X9.31 PRNG    456
RSA           379

Onboard FPGA Implementations
AES           181
Triple-DES    283
SHA-1         267
HMAC-SHA-1    27

AIM Module Implementations
AES           100
Triple-DES    213
SHA-1         401
HMAC-SHA-1    38
X9.31 PRNG    80
RSA           383

The router is in the approved mode of operation only when FIPS 140-2 approved algorithms are
used. The exceptions are DH and RSA key transport, which are non-approved but are allowed in
the approved mode for key establishment.
Note: The module supports DH key sizes of 1024 and 1536 bits and RSA key sizes of 1024,
1536 and 2048 bits. Diffie-Hellman key agreement, as a key establishment methodology,
therefore provides between 80 and 96 bits of encryption strength per NIST 800-57. RSA key
wrapping, as a key establishment methodology, provides between 80 and 112 bits of
encryption strength per NIST 800-57.
The following algorithms are not FIPS 140-2 approved: DES, RC4, MD5, HMAC-MD5, RSA key
wrapping and DH. As noted above, DH and RSA are nevertheless allowed for use in key
establishment.
The module contains a HiFn 7814-W cryptographic accelerator chip, integrated in the AIM card.
Unless the Crypto Officer disables the AIM card with the “no crypto engine aim” command, the
HiFn 7814-W provides AES (128-bit, 192-bit, and 256-bit) and Triple-DES (168-bit) encryption;
MD5 and SHA-1 hashing; and hardware support for DH, X9.31 RNG, RSA encryption/decryption,
and RSA public key signature/verification.
The module supports the following types of key management schemes:
1. Pre-shared key exchange via electronic key entry. The Triple-DES/AES key and the
   HMAC-SHA-1 key are exchanged and entered electronically.
2. Internet Key Exchange method with support for pre-shared keys exchanged and entered
   electronically.
   • The pre-shared keys are used with the Diffie-Hellman key agreement technique to
     derive Triple-DES or AES keys.
   • The pre-shared key is also used to derive the HMAC-SHA-1 key.
3. RSA digital-signature-based authentication is used for IKE, with the Diffie-Hellman key
   agreement technique to derive AES or Triple-DES keys.
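
The approved-mode rule above can be checked against a saved configuration. The following Python sketch is an added example, not part of the Cisco policy document: it flags IKE policies and IPsec transform sets that select DES, MD5/HMAC-MD5, or a DH size other than 1024 or 1536 bits. The IOS command syntax it parses, the IKE group-number-to-modulus mapping, and the sample configuration are assumptions that do not appear in the text above.

```python
# Constructed sample configuration, not taken from the policy document.
SAMPLE_CONFIG = """\
crypto isakmp policy 10
 encr aes 256
 hash sha
 authentication pre-share
 group 5
crypto isakmp policy 20
 encr des
 hash md5
 authentication rsa-sig
 group 1
crypto ipsec transform-set GOOD esp-aes 256 esp-sha-hmac
crypto ipsec transform-set WEAK esp-des esp-md5-hmac
"""

# Per the policy text: DES, MD5 and HMAC-MD5 are not approved; DH is 1024 or 1536 bits.
DH_GROUP_BITS = {"1": 768, "2": 1024, "5": 1536}  # assumed IKE group -> modulus bits
ALLOWED_DH_BITS = {1024, 1536}
BAD_TRANSFORMS = {"esp-des": "DES", "esp-md5-hmac": "HMAC-MD5", "ah-md5-hmac": "HMAC-MD5"}


def audit(config):
    """Return (context, finding) pairs for settings outside the approved list."""
    findings, ctx = [], None
    for raw in config.splitlines():
        words = raw.split()
        if not raw.startswith(" "):
            ctx = None  # any top-level line ends the ISAKMP policy sub-mode
        if words[:3] == ["crypto", "isakmp", "policy"] and len(words) == 4:
            ctx = "isakmp policy " + words[3]
        elif words[:3] == ["crypto", "ipsec", "transform-set"] and len(words) > 4:
            for tok in words[4:]:
                if tok in BAD_TRANSFORMS:
                    findings.append(("transform-set " + words[3], BAD_TRANSFORMS[tok]))
        elif ctx and len(words) >= 2:
            key, val = words[0], words[1]
            if key in ("encr", "encryption") and val == "des":
                findings.append((ctx, "DES"))
            elif key == "hash" and val == "md5":
                findings.append((ctx, "MD5"))
            elif key == "group" and DH_GROUP_BITS.get(val) not in ALLOWED_DH_BITS:
                findings.append((ctx, "DH group " + val))
    return findings


if __name__ == "__main__":
    for where, what in audit(SAMPLE_CONFIG):
        print(where + ": " + what)
```

The check only sees settings written explicitly in the configuration; a policy that omits a setting inherits the platform default, which has to be verified separately.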