Module Name
Thales Luna Backup Hardware Security Module
Historical Reason
SP 800-56Arev3 transition
Caveat
When operated in FIPS mode and initialized to Overall Level 3 per Security Policy
Embodiment
Multi-Chip Stand Alone
Description
The Thales Luna Backup Hardware Security Module provides the same level of security as the SafeNet Network HSM and SafeNet PCI-E HSMs in a convenient, small, low-cost form factor. The Thales Luna Backup Hardware Security Module ensures that sensitive cryptographic material remains strongly protected in hardware even when not being used. One can easily back up and duplicate keys securely to the Thales Luna Backup HSM for safekeeping in case of emergency, failure or disaster.
Approved Algorithms
AES |
Certs. #4849 and #5012 |
CKG |
vendor affirmed |
CVL |
Cert. #1562 |
DRBG |
Cert. #1704 |
DSA |
Certs. #1298 and #1315 |
ECDSA |
Certs. #1242 and #1278 |
HMAC |
Certs. #3306 and #3330 |
KAS |
Cert. #154 |
KBKDF |
Cert. #164 |
KTS |
Cert. #5012; key establishment methodology provides between 128 and 256 bits of encryption strength |
RSA |
Certs. #2691 and #2704 |
SHS |
Certs. #3988 and #4075 |
Triple-DES |
Certs. #2552 and #2585 |
Triple-DES MAC |
Triple-DES Certs. #2552 and #2585, vendor affirmed |
Allowed Algorithms
AES (Certs. #4849 and #5012, key unwrapping; key establishment methodology provides between 128 and 256 bits of encryption strength); Diffie-Hellman (key agreement; key establishment methodology provides 112 or 128 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 112 and 256 bits of encryption strength); NDRNG; RSA (key wrapping; key establishment methodology provides between 112 and 152 bits of encryption strength); Triple-DES (Certs. #2552 and #2585, key unwrapping; key establishment methodology provides 112 bits of encryption strength)
Hardware Versions
LTK-03, Version Code 0102 [1, 2] and LTK-03, Version Code 0103 [1, 2]
Firmware Versions
6.24.6 [1] and 6.24.7 [2]