Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Cisco Systems Product Security Incident Response Team (psirtcisco.com)
Date: Wed Oct 16 2013 - 11:10:14 CDT
-----BEGIN PGP SIGNED MESSAGE-----
Use of Dual_EC_DRBG in Cisco Products
Document ID: 36356
For Public Release 2013 October 16 16:00 UTC (GMT)
Cisco is aware of the industry discussion regarding the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) and the recent decision of the U.S. National Institute of Standards and Technology (NIST) to reopen the 800-90A Special Publication (SP) to public review.
Cisco applauds the decision for increased public review of cryptographic standards and will monitor for any updates to NIST SP 800-90A.
Cisco has completed an internal investigation and has confirmed that the Dual_EC_DRBG is not in use in any Cisco products.
Cisco licenses third-party components that include the Dual_EC_DRBG; however, this Deterministic Random Bit Generator (DRBG) is not in use in any Cisco products.
Cisco products that use DRBGs for encryption are compliant with either the older ANSI X9.31 standard or the newer NIST SP 800-90A standard. The 800-90A-compliant crypto libraries in Cisco products have four DRBG options available to Cisco developers, but the standard Cisco implementation is Advanced Encryption Standard Counter mode (AES-CTR), not Dual_EC_DRBG. Additionally, there are no configuration modifications that could enable Dual_EC_DRBG.
Cisco provides strong encryption options that comply with international standards and local regulations. We are always watching for stronger encryption options, and if we find such an option, it will be implemented for the benefit of our customers.
This response is available at the following link: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131016-ec-drbg
-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.18 (Darwin)
Comment: GPGTools - http://gpgtools.org
-----END PGP SIGNATURE-----
cust-security-announce mailing list
To unsubscribe, send the command "unsubscribe" in the subject of your message to cust-security-announce-leavecisco.com