Module Name
Network Security Services (NSS) Cryptographic Module
Historical Reason
RNG SP800-131A Revision 1 Transition
Caveat
When operated in FIPS mode
Embodiment
Multi-chip standalone
Description
Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/
Tested Configuration(s)
- Red Hat Enterprise Linux Version 4 Update 1 AS on IBM xSeries 336 with Intel Xeon CPU
- Trusted Solaris 8 4/01 on Sun Blade 2500 Workstation with UltraSPARC IIIi CPU
Approved Algorithms
AES |
Cert. #352 |
DSA |
Cert. #172 |
ECDSA |
Cert. #30 |
HMAC |
Cert. #152 |
RNG |
Cert. #208 |
RSA |
Cert. #152 |
SHS |
Cert. #426 |
Triple-DES |
Cert. #469 |
Other Algorithms
RC2; RC4; MD2; DES; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength))