Table: CSM Algorithms and Table: Data Path Algorithms show the CSM and data path security features and associated algorithms for a 7705 SAR node running in FIPS-140-2 mode.
FIPS-140-2 CSM Algorithms |
SSHv2 |
IPSec (IKEv1, IKEv2) |
NGE |
SNMPv3 |
SCP, SFTP |
IGP, BGP, MPLS |
PKI |
|---|---|---|---|---|---|---|---|
Authentication |
RSA 2048 DSA 1024 Preference to RSA in SSH negotiation |
PSK (DH G14, DH G15) |
SSH |
N/A |
SSH |
N/A |
N/A |
Asymmetric Key |
DH G14 (P ≥ 2K prime numbers, q > 224) |
DH G14, DH G15 (P ≥ 2K prime numbers, q > 224) |
SSH |
N/A |
SSH |
N/A |
RSA/ DSA 2048 |
Symmetric Key |
AES-CBC (128,192, 256) 3DES-CBC |
AES-CBC (128,192, 256) 3DES-CBC |
N/A |
AES-128 |
SSH |
N/A |
N/A |
| Hash Algorithm | SHA-1 (128) –HMAC-MD5 –HMAC-RIPEMD-160 –HMAC-SHA1-96 –HMAC-MD5-96 |
SHA-1 (128) SHA-2 (256, 384, 512) |
N/A |
SHA-1 (SHA-128) |
SSH |
SHA-1 (128) SHA-2 (256) AES-18- CMAC-96 |
SHA1 SHA-224 SHA-256 SHA-384 SHA-512 |
| Digital Signature | RSA 2048 DSA 1024 |
N/A |
N/A |
N/A |
N/A |
N/A |
RSA/ DSA 2048 |
MD5 algorithms are not blocked from configuration in FIPS-140-2 mode. Although MD5 is not a FIPS-140-2-approved algorithm, it is allowed to be used when running in FIPS-140-2 mode.
FIPS-140-2 Data Path Algorithms |
SSHv2 |
IPSec |
NGE/L3 Encryption |
SNMPv3 |
SCP, SFTP |
IGP, BGP, MPLS |
|---|---|---|---|---|---|---|
Authentication |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
Asymmetric Key |
N/A |
N/A |
N/A |
N/A |
N/A |
N/A |
Symmetric Key |
N/A |
AES-CBC (128,192, 256) 3DES-CBC |
AES-CBC (128, 256) |
N/A |
N/A |
N/A |
Hash Algorithm |
N/A |
SHA-1 (128) SHA-2 (256, 384, 512) |
N/A |
N/A |
N/A |
N/A |