|Applies To||RSA Authentication Manager 7.1|
RSA SecurID Appliance 3.0
|Issue||How is a node secret protected on an RSA agent|
|Cause||A node secret is used to encrypt traffic between the agent and an RSA Authentication Manager. This means that this file is important to the security of a system.|
|Resolution||A node secret encryption (hashing key) is secured by three standard mechanisms|
(a) it can only be used on the device it was intended
(b) it is protected with OS level access controls
(c) even knowing the value of the key does not help because it is for a hashing algorithm and is not an encryption key.
The net result is that even knowing the key and scanning the network to capture packets you cannot use the node secret to unhash the transmission (c) just for good measure we actually encrypt this with a static DES (56bit) key as well but this last part is mostly legacy as it is not actually required.
|Legacy Article ID||a48854|