Security Policy: Difference between revisions

Jump to navigation Jump to search

Security Policy (view source)

Revision as of 20:33, 21 August 2006

111 bytes removed ,  21 August 2006
no edit summary
No edit summary
Line 119: Line 119:
| 32 || In the FIPS PUB 140-2 mode of operation, the cryptographic module shall perform a continuous random number generator test upon each invocation of the pseudorandom number generator as defined in section 4.9.2 of FIPS PUB 140-2.
| 32 || In the FIPS PUB 140-2 mode of operation, the cryptographic module shall perform a continuous random number generator test upon each invocation of the pseudorandom number generator as defined in section 4.9.2 of FIPS PUB 140-2.
|-
|-
| 33 || Upon exit from the FIPS PUB 140-2 mode of operation, all security relevant data items within the cryptographic module which are stored to secondary storage shall be zeroized by having their memory contents rewritten with zeroes.
| 33 || The cryptographic module takes a number of explicit zeroization steps to clear the memory region previously occupied by a plaintext secret key, private key, or password. Any plaintext secret and private keys and passwords are zeroized once the use is complete. Upon exit from the FIPS PUB 140-2 mode of operation, all security relevant data items within the cryptographic module are zeroized by having their memory contents rewritten with zeroes.
|-
|-
| 34 || The TLS pseudorandom function (PRF) is contained within the cryptographic module, and it shall enforce if one hash is weak the PRF function would remain strong. This is accomplished by exclusive-oring the results of the two hashes in computation of security relevant data items -- specifically TLS pre-master secrets.
| 34 || The TLS pseudorandom function (PRF) is contained within the cryptographic module, and it shall enforce if one hash is weak the PRF function would remain strong. This is accomplished by exclusive-oring the results of the two hashes in computation of security relevant data items -- specifically TLS pre-master secrets.
Line 1,371: Line 1,371:
== Means of Access ==
== Means of Access ==
Prior to execution of the Client or Server products, the Security Libraries are stored on disk in compiled binary form. The NSS cryptographic module relies on Discretionary Access Controls (DAC) to protect the binary image from being tampered with.
Prior to execution of the Client or Server products, the Security Libraries are stored on disk in compiled binary form. The NSS cryptographic module relies on Discretionary Access Controls (DAC) to protect the binary image from being tampered with.
== Zeroization ==
The NSS cryptographic module takes a number of explicit zeroization steps to clear the memory region previously occupied by a private key or password. In summary, private keys are always stored in encrypted form. Any key material that has been unwrapped (decrypted) for use is zeroed once the use is complete.


== Role-based Authentication ==
== Role-based Authentication ==
Wtchang
canmove, Confirmed users
937

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/32079"

Navigation menu