000014197 - How is a node secret protected

Document created by RSA Customer Support Employee on Jun 16, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000014197
Applies To: RSA Authentication Manager 7.1
            RSA SecurID Appliance 3.0
Issue: How is a node secret protected on an RSA agent
Cause: A node secret is used to encrypt traffic between the agent and an RSA Authentication Manager. This means that this file is important to the security of a system.
Resolution: A node secret encryption (hashing) key is secured by three standard mechanisms:
    (a) it can only be used on the device it was intended for
    (b) it is protected with OS-level access controls
    (c) even knowing the value of the key does not help, because it is a key for a hashing algorithm and not an encryption key.

The net result is that even if you know the key and scan the network to capture packets, you cannot use the node secret to unhash the transmission (c). Just for good measure, we also encrypt this with a static DES (56-bit) key, but this last part is mostly legacy, as it is not actually required.
Legacy Article ID: a48854