Reference Guide
Aruba 600 Series Controllers FIPS 140-2 Level 2 Security Policy|25
Table8‐CSPs/KeysUsedinArubaControllers
15 Enable secret
8-64 character
password
CO configured
Store in ciphertext in
flash. Zeroized by
changing (updating)
through the user
interface.
Administrator
authentication
16 User Passwords
8-64 character
password
CO configured
Stored encrypted in
Flash with KEK.
Zeroized by either
deleting the password
configuration file or by
overwriting the
password with a new
one.
Authentication for
accessing the
management
interfaces, RADIUS
authentication
17
IKEv1/IKEv2 Pre-
shared key
64 character pre-
shared key
CO configured
Stored encrypted in
Flash with the KEK.
Zeroized by changing
(updating) the pre-
shared key through
the User interface.
User and module
authentication during
IKEv1, IKEv2
18 skeyid
HMAC-SHA-1/256/384
(160/256/384 bits)
Established during
IKEv1 negotiation
Stored in plaintext in
volatile memory.
Zeroized when
session is closed.
Key agreement in
IKEv1
19 skeyid_d
HMAC-SHA-1/256/384
(160/256/384 bits)
Established during
IKEv1 negotiation
Stored in plaintext in
volatile memory.
Zeroized when
session is closed.
Key agreement in
IKEv1
20
IKEv1/IKEv2 session
authentication key
HMAC-SHA-1/256/384
(160 / 256 / 384 bits)
Established as a result
of IKEv1/IKEv2 service
implementation.
Stored in plaintext in
volatile memory.
Zeroized when
session is closed.
IKEv1/IKEv2 payload
integrity verification
21
IKEv1/IKEv2 session
encryption key
Triple-DES (168
bits/AES (128/196/256
bits – 3 key Triple-DES
only)
Established as a result
of IKEv1/IKEv2 service
implementation.
Stored in plaintext in
volatile memory.
Zeroized when
session is closed.
IKEv1/IKEv2 payload
encryption