Privileged Access Manager uses the following cryptographic algorithms and protocols:
- Symmetric Encryption: Advanced Encryption Standard (AES) with symmetric keys of 256-bit length, as defined in NIST FIPS PUB 197 and ISO/IEC 18033-3.
- Asymmetric Encryption: Transport Layer Security protocol version 1.2 (TLS 1.2), following IETF RFC 5246, including optional Perfect Forward Secrecy through elliptic-curve Diffie-Hellman key exchange (P-256 and P-384 supported).
- Cryptographically secure entropy source: Intel RDRAND is used for symmetric key generation (on PAM hardware, or if present in the hypervisor hardware for OVF); it meets NIST SP 800-90B.
- Digital Signature: Elliptic Curve Digital Signature Algorithm (ECDSA), compliant with the Digital Signature Standard (FIPS 186-4); P-256 and P-384 are supported.
- Hash Functions: For integrity checks and comparison of user-specific login credentials, a SHA-2 hash of either 512 or 256 bits is used. In SSH-2 communication, HMAC can use either SHA-256 or SHA-512.
- Digital Certificates: 2048 or 4096 bits may be used for digital certificates on the PAM server.
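
One way to check a negotiated TLS session against the list above, as an added example that is not part of the product documentation. The names `audit_cipher` and `probe`, the sample tuples and the default port 443 are assumptions made here, and the suite names follow OpenSSL's naming.

```python
import socket
import ssl

# Constructed samples in the (name, protocol, secret_bits) shape returned by
# ssl.SSLSocket.cipher(); they are not captured from a real PAM server.
SAMPLES = [
    ("ECDHE-RSA-AES256-GCM-SHA384", "TLSv1.2", 256),
    ("AES256-GCM-SHA384", "TLSv1.2", 256),
    ("ECDHE-RSA-AES128-GCM-SHA256", "TLSv1.2", 128),
]


def audit_cipher(cipher):
    """Compare one negotiated cipher tuple with the profile listed above."""
    name, protocol, bits = cipher
    violations = []
    if protocol != "TLSv1.2":
        violations.append(f"protocol {protocol} is not TLS 1.2")
    if "AES" not in name or bits != 256:
        violations.append(f"cipher {name} ({bits}-bit) is not AES-256")
    # Forward secrecy is optional in the profile, so it is reported
    # separately instead of as a violation. OpenSSL names TLS 1.2 suites
    # with an elliptic-curve ephemeral key exchange "ECDHE-...".
    return {"violations": violations,
            "forward_secrecy": name.startswith("ECDHE-")}


def probe(host, port=443, timeout=5.0):
    """Handshake with a server you administer; return its cipher tuple."""
    ctx = ssl.create_default_context()  # keeps certificate checks enabled
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.cipher()


if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[0], audit_cipher(sample))
```

Passing the result of `probe()` to `audit_cipher()` applies the same check to a live endpoint; the offline samples show the three outcomes without a network connection.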