Specifications
© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
When using RSA-based authentication, the RSA key pair has a modulus size of 1024 bits to 2048 bits,
thus providing between 80 bits and 112 bits of strength. Assuming the low end of that range, an
attacker would have a 1 in 2^80 chance of randomly obtaining the key, which is much stronger
than the one in a million chance required by FIPS 140-2. To exceed a one in 100,000 probability
of a successful random key guess in one minute, an attacker would have to be capable of
approximately 1.8 x 10^21 attempts per minute, which far exceeds the operational capabilities of
the modules to support.
When using preshared-key-based authentication, the security policy stipulates that all preshared
keys must be 8 alphanumeric characters, so the key space is 2.8 trillion possible combinations.
The probability of randomly guessing a key is thus far less than one in one million. To exceed a
one in 100,000 probability of a successful random guess in one minute, an attacker would have
to be capable of 28 million attempts per minute, which far exceeds the operational capabilities of
the module to support.
2.4 Physical Security
The router is entirely encased in an opaque metal case. The rear of the unit contains the auxiliary
port, console port, Gigabit Ethernet ports, HWIC ports, and ENM slots. The front of the unit
contains the USB connectors, CF drive, power inlets, power switch, and LEDs. The top, side, and
front portions of the chassis can be removed to allow access to the motherboard, memory, AIM
slots, and expansion slots.
The Cisco 3825 and Cisco 3845 routers require that a special opacity shield be installed over the
side air vents in order to operate in FIPS-approved mode. The shield decreases the surface area
of the vent holes, reducing visibility within the cryptographic boundary to FIPS-approved
specifications.
Install the opacity plates as specified in the pictures below: