1. In this mode, non-approved security functions (e.g. algorithms,
primes) that are not compliant with NIST SP800-131A Revision 1 are
available; if they are selected, you will be operating outside of a
FIPS approved mode of operation (a mode of the cryptographic
module that employs only approved security functions).
2. Common Criteria EN 419 221-5 Protection Profiles for TSP
Cryptographic Modules - Part 5 Cryptographic Module for Trust
Services.
Security Worlds created with a pre v12.50 release can be loaded. The cipher suites,
automatic FIPS mechanism compliance and security strengths for these Worlds are:
Pre v12.50 Security Worlds ciphersuites, FIPS mechanism conformance and security
strengths:

| Modes | Ciphersuite | Automatic compliance of FIPS mechanisms with NIST SP800-131A Revision 1 algorithm/key sizes | Security Strength |
|---|---|---|---|
| Not Applicable | DLf3072s256mRijndael | No | 128 bits (see note 3) |
| Not Applicable | DLf1024s160mRijndael | No | 80 bits |
| Not Applicable | DLf1024s160mDES3 | No | 80 bits |

3. Whilst the Ciphersuite provides 128 bits of security strength, some of
the underlying (not selectable) cryptographic mechanisms used by this
Ciphersuite are no longer FIPS approved. This is identified by the term
"No" in the "Automatic compliance with FIPS mechanisms" column.
The tables above identify the ciphersuites, their automatic compliance with NIST
SP800-131A Revision 1 and their security strength. The National Institute of Standards
and Technology (NIST) has published good key management guidance over the years.
NIST SP800-131A Revision 1 – Transitioning the Use of Cryptographic Algorithms and Key
Lengths is referenced in the table because it provides guidance on suitable cryptographic
algorithms and key sizes for protecting sensitive data today. This document, published in
November 2015, advises that the minimum security strength for algorithms or keys is now
112 bits. Whilst the immediate audience is U.S. government agencies, NIST standards
provide a global benchmark in security standards which many global product vendors
adhere to in order to provide their customers with appropriate levels of security assurance.
Therefore, the industry standard minimum security strength is considered to be 112 bits today.
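
The following is an added example, not taken from the nShield documentation: a Python check that derives the security strength of each ciphersuite in the table above from its name and flags Security Worlds below the 112-bit minimum. It assumes the name reads DLf<field bits>s<subgroup bits>m<mechanism> and takes its strength figures from NIST SP 800-57 Part 1; the World names in the inventory are constructed.

```python
import re

# Comparable strengths for finite-field (discrete log) parameters, from
# NIST SP 800-57 Part 1: (field bits, subgroup bits, strength in bits).
FFC_STRENGTH = [(1024, 160, 80), (2048, 224, 112), (3072, 256, 128)]
# Symmetric strengths from SP 800-57 Part 1. Rijndael (AES) is taken at its
# smallest key size because the ciphersuite name does not state one.
SYMMETRIC_STRENGTH = {"Rijndael": 128, "DES3": 112}
MIN_STRENGTH = 112  # minimum the page cites from NIST SP800-131A Revision 1

# Assumption: names read DLf<field bits>s<subgroup bits>m<mechanism>.
NAME_RE = re.compile(r"DLf(\d+)s(\d+)m(\w+)")

def ffc_strength(field_bits, subgroup_bits):
    """Highest SP 800-57 tier that both parameters reach (0 if below 80 bits)."""
    return max((s for f, g, s in FFC_STRENGTH
                if field_bits >= f and subgroup_bits >= g), default=0)

def ciphersuite_strength(name):
    """Strength of the weakest component named in the ciphersuite."""
    m = NAME_RE.fullmatch(name)
    if m is None or m.group(3) not in SYMMETRIC_STRENGTH:
        raise ValueError(f"unrecognised ciphersuite name: {name!r}")
    return min(ffc_strength(int(m.group(1)), int(m.group(2))),
               SYMMETRIC_STRENGTH[m.group(3)])

def audit(inventory):
    """Map each World to (strength, meets_minimum); unknown names fail closed."""
    report = {}
    for world, suite in inventory.items():
        try:
            bits = ciphersuite_strength(suite)
        except ValueError:
            report[world] = (None, False)
        else:
            report[world] = (bits, bits >= MIN_STRENGTH)
    return report

# Constructed inventory: hypothetical World names; the last suite is malformed.
INVENTORY = {
    "world-a": "DLf3072s256mRijndael",
    "world-b": "DLf1024s160mRijndael",
    "world-c": "DLf1024s160mDES3",
    "world-d": "unknown-suite",
}

if __name__ == "__main__":
    for world, (bits, ok) in audit(INVENTORY).items():
        print(f"{world}: {bits} bits, {'meets' if ok else 'below'} the minimum")
```

The strength check does not reproduce the "Automatic compliance" column: a ciphersuite can reach 128 bits and still rely on mechanisms that are no longer FIPS approved, as note 3 states.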
nShield® Security Manual 50 of 90