Cisco Security Response: Use of Dual_EC_DRBG in Cisco Products

Fabricante: CISCO
Fecha: 16/10/2013
Cisco Security Response: Use of Dual_EC_DRBG in Cisco Products
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Use of Dual_EC_DRBG in Cisco Products Document ID: 36356 Revision 1.0 For Public Release 2013 October 16 16:00 UTC (GMT) +--------------------------------------------------------------------- Cisco Response ============== Cisco is aware of the industry discussion regarding the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) and the recent decision of the U.S. National Institute of Standards and Technology (NIST) to reopen the 800-90A Special Publication (SP) to public review. Cisco applauds the decision for increased public review of cryptographic standards and will monitor for any updates to NIST SP 800-90A. Cisco has completed an internal investigation and has confirmed that the Dual_EC_DRBG is not in use in any Cisco products. Additional Information ====================== Cisco licenses third-party components that include the Dual_EC_DRBG; however, this Deterministic Random Bit Generator (DRBG) is not in use in any Cisco products. Cisco products that use DRBGs for encryption are compliant with either the older ANSI X9.31 standard or the newer NIST SP 800-90A standard. The 800-90A-compliant crypto libraries in Cisco products have four DRBG options available to Cisco developers, but the standard Cisco implementation is Advanced Encryption Standard Counter mode (AES-CTR), not Dual_EC_DRBG. Additionally, there are no configuration modifications that could enable Dual_EC_DRBG. Cisco provides strong encryption options that comply with international standards and local regulations. We are always watching for stronger encryption options, and if we find such an option, it will be implemented for the benefit of our customers. This response is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131016-ec-drbg -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlJephIACgkQUddfH3/BbTo+lAD/UUgH7x+jsl1qu0Fk6Nk/L2td YR7ROUuQ9CvhC8oQ6MkA/38/iqW7N3As6lyZSAb4GpU7C0CQMXf8GwWhFN1O0MhW =y5el -----END PGP SIGNATURE-----