Module Name
Network Security Services (NSS) Cryptographic Module
Historical Reason
RNG SP800-131A Revision 1 Transition
Caveat
When operated in FIPS mode
Embodiment
Multi-chip standalone
Description
Network Security Services (NSS) is a set of open source C libraries designed to support cross-platform development of security-enabled applications. NSS implements major crypto algorithms and Internet security standards, and supports smartcards and hardware crypto devices. NSS is available free of charge under the Mozilla Public License, the GNU General Public License, and the GNU Lesser General Public License. For more information, see http://www.mozilla.org/projects/security/pki/nss/
Tested Configuration(s)
- 64-bit Solaris 10
- HP-UX B.11.11 with HP-UX Strong Random Number Generator (KRNG11i) bundle
- Mac OS X 10.4 (single user mode)
- Microsoft Windows XP SP 2
- Red Hat Enterprise Linux 4 x86
Approved Algorithms
AES |
Cert. #352 |
DSA |
Cert. #172 |
ECDSA |
Certs. #30 and #37 |
HMAC |
Cert. #152 |
RNG |
Cert. #208 |
RSA |
Cert. #152 |
SHS |
Cert. #426 |
Triple-DES |
Certs. #410 and #469 |
Other Algorithms
RC2; RC4; MD2; DES; MD5; RSA (key wrapping; key establishment methodology provides between 112 and 201 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)