Specifications
© Copyright 2007 Cisco Systems, Inc.
This document may be freely reproduced and distributed whole and intact including this Copyright Notice.
| User password | Shared Secret | The password of the User role. This password is zeroized by overwriting it with a new password. | NVRAM | Overwrite with new password |
| Enable password | Shared Secret | The plaintext password of the CO role. This password is zeroized by overwriting it with a new password. | NVRAM | Overwrite with new password |
| Enable secret | Shared Secret | The ciphertext password of the CO role. However, the algorithm used to encrypt this password is not FIPS approved. Therefore, this password is considered plaintext for FIPS purposes. This password is zeroized by overwriting it with a new password. | NVRAM | Overwrite with new password |
| RADIUS secret | Shared Secret | The RADIUS shared secret. This shared secret is zeroized by executing the “no radius-server key” command. | NVRAM | “# no radius-server key” |
| secret_1_0_0 | | The fixed key used in Cisco vendor ID generation. This key is embedded in the module binary image and can be deleted by erasing the Flash. | NVRAM | Deleted by erasing the Flash. |
| TACACS+ secret | Shared Secret | The TACACS+ shared secret. This shared secret is zeroized by executing the “no tacacs-server key” command. | NVRAM | “# no tacacs-server key” |
| TLS server private key | RSA | 1024/1536/2048 bit RSA private key used for SSLV3.1/TLS. | NVRAM | “# crypto key zeroize rsa” |
| TLS server public key | RSA | 1024/1536/2048 bit RSA public key used for SSLV3.1/TLS. | NVRAM | “# crypto key zeroize rsa” |
| TLS pre-master secret | Shared Secret | Shared Secret created using asymmetric cryptography from which new TLS session keys can be created | DRAM | Automatically when TLS session is terminated |
| TLS Encryption Key | AES/TRIPLE-DES | Key used to encrypt TLS session data | DRAM | Automatically when TLS session is terminated |
| TLS Integrity Key | HMAC-SHA-1 | HMAC-SHA-1 used for TLS data integrity protection | DRAM | Automatically when TLS session is terminated |
Table 8 - Cryptographic Keys and CSPs
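
A check that the zeroization methods in Table 8 took effect can be run against two saved configurations, one taken before and one after the procedure. The following is an added example, not part of the Cisco security policy. It assumes standard IOS-style configuration lines, which this page does not show, and covers only the four CSPs that appear as configuration text; the RSA key pair and secret_1_0_0 are outside its scope.

```python
import re

# (CSP name from Table 8, assumed config-line pattern, zeroization method)
# "overwrite": the value must differ from the earlier snapshot.
# "remove":    the line must be gone (e.g. after "no radius-server key").
CSP_RULES = [
    ("Enable password", r"^enable password\s+(.+)$", "overwrite"),
    ("Enable secret", r"^enable secret\s+(.+)$", "overwrite"),
    ("RADIUS secret", r"^radius-server key\s+(.+)$", "remove"),
    ("TACACS+ secret", r"^tacacs-server key\s+(.+)$", "remove"),
]

def extract_csps(config_text):
    """Map CSP name -> configured value for each Table 8 CSP line found."""
    values = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        for name, pattern, _ in CSP_RULES:
            match = re.match(pattern, line)
            if match:
                values[name] = match.group(1)
    return values

def not_zeroized(before_text, after_text):
    """Return CSP names (in table order) that were not cleared as Table 8 requires."""
    before, after = extract_csps(before_text), extract_csps(after_text)
    failures = []
    for name, _, method in CSP_RULES:
        if name not in before:
            continue  # never configured, so nothing to zeroize
        if method == "remove" and name in after:
            failures.append(name)
        elif method == "overwrite" and after.get(name) == before[name]:
            failures.append(name)  # same stored value: not overwritten
    return failures

# Constructed sample configurations (not taken from a real device).
BEFORE = """hostname lab-switch
enable secret 5 $1$CONSTRUCTED$oldhash
enable password OldExample1
radius-server key ExampleRadiusKey
tacacs-server key ExampleTacacsKey
"""
AFTER = """hostname lab-switch
enable secret 5 $1$CONSTRUCTED$newhash
enable password OldExample1
tacacs-server key ExampleTacacsKey
"""

if __name__ == "__main__":
    print(not_zeroized(BEFORE, AFTER))
```

The snapshots themselves contain the secrets being checked, so they need the same handling as the device configuration.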