Specifications
Cisco ISR-800 Security Target
| Name | Description | Zeroization |
|---|---|---|
| key | encryption and authentication keys. The entire object is overwritten by 0’s using memset. | session terminated. Overwritten with: 0x00 |
| IPsec authentication key | The function zeroizes an _ike_flow structure that includes the encryption and authentication keys. The entire object is overwritten by 0’s using memset. | Automatically when the IPsec session is terminated. Overwritten with: 0x00 |
| RADIUS secret | The function calls aaa_free_secret, which uses the poisoned free operation to zeroize the memory from the secret structure by overwriting the space with 0x0d and releasing the memory. | Zeroized using the following command: `# no radius-server key`. Overwritten with: 0x0d |
| TACACS+ secret | The function calls aaa_free_secret, which uses the poisoned free operation to zeroize the memory from the secret structure by overwriting the space with 0x0d and releasing the memory. | Zeroized using the following command: `# no tacacs-server key`. Overwritten with: 0x0d |
| SSH Private Key | Once the function has completed the operations requiring the RSA key object, the module overwrites the entire object (no matter its contents) using memset. This overwrites the key with all 0’s. | Zeroized using the following command: `# crypto key zeroize rsa`. Overwritten with: 0x00 |
| SSH Session Key | The results are zeroized using the poisoning in free to overwrite the values with 0x00. This is called by the ssh_close function when a session is ended. | Automatically when the SSH session is terminated. Overwritten with: 0x00 |
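The two overwrite patterns in this table (a whole-object memset to 0x00, and a poisoned free that fills with 0x0d before releasing the memory), shown as an added C example that is not Cisco's code. The names `flow_keys`, `flow_zeroize`, `secret_poison`, `secret_free` and `all_bytes_are` are hypothetical, and the volatile memset pointer is an assumption added here to guard against dead-store elimination; the Security Target does not describe it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define POISON_BYTE 0x0d   /* fill value the table lists for the poisoned free */

/* Hypothetical stand-in for a flow object holding both keys (layout assumed). */
struct flow_keys { uint8_t enc_key[32]; uint8_t auth_key[32]; uint32_t spi; };

/* Calling memset through a volatile pointer stops the compiler from dropping
 * the overwrite as a dead store when the object is freed or goes out of scope. */
static void *(*const volatile memset_v)(void *, int, size_t) = memset;

/* Overwrite the entire object with 0x00, whatever its contents. */
void flow_zeroize(struct flow_keys *f) { memset_v(f, 0x00, sizeof *f); }

/* Poison step on its own, so the fill can be checked before release. */
void secret_poison(void *p, size_t n) { memset_v(p, POISON_BYTE, n); }

/* Poisoned free: overwrite the secret's n bytes, then release the memory. */
void secret_free(void *p, size_t n) {
    if (p == NULL) return;
    secret_poison(p, n);
    free(p);
}

/* Returns 1 when every byte of buf equals v. */
int all_bytes_are(const void *buf, size_t n, uint8_t v) {
    const uint8_t *b = buf;
    for (size_t i = 0; i < n; i++)
        if (b[i] != v) return 0;
    return 1;
}

int main(void) {   /* constructed inputs; exit status 0 means both checks held */
    struct flow_keys f;
    memset(&f, 0xA5, sizeof f);
    unsigned char *s = malloc(16);
    if (s == NULL) return 1;
    memset(s, 0x5A, 16);
    flow_zeroize(&f);
    secret_poison(s, 16);
    int ok = all_bytes_are(&f, sizeof f, 0x00) && all_bytes_are(s, 16, POISON_BYTE);
    secret_free(s, 16);
    return !ok;
}
```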










