This page was not yet optimized for use on mobile devices.

Comparing certificates Experimental feature

You are comparing two certificates. By default, only differing attributes are shown. Use the button below to show/hide all attributes.

Showing only differing attributes.

	ExtraHop Cryptographic Module	ExtraHop Cryptographic Module
cert_id	4561	4675
dgst	315ef9b31f21c15d	bb12fc5a6af710c3
heuristics/algorithms	AES-OFBA2293, AES-GMACA2293, TDES-CMACA2293, AES-KWPA2293, SHA2-384A2293, AES-CMACA2293, AES-XTSA2293, SHA3-512A2293, PBKDFA2293, HMAC-SHA3-384A2293, DSA KeyGen (FIPS186-4)A2293, SHAKE-128A2293, SHAKE-256A2293, RSA KeyGen (FIPS186-4)A2293, RSA SigVer (FIPS186-4)A2293, ECDSA KeyVer (FIPS186-4)A2293, HMAC-SHA2-512A2293, AES-CFB128A2293, RSA SigGen (FIPS186-4)A2293, TDES-CFB64A2293, AES-CFB8A2293, AES-CTRA2293, KAS-FFC-SSC Sp800-56Ar3A2293, DSA SigVer (FIPS186-4)A2293, TLS v1.2 KDF RFC7627A2293, ECDSA KeyGen (FIPS186-4)A2293, HMAC-SHA-1A2293, AES-GCMA2293, SHA3-256A2293, SHA-1A2293, SHA2-224A2293, DSA PQGGen (FIPS186-4)A2293, SHA3-384A2293, HMAC-SHA2-384A2293, TDES-CFB1A2293, AES-KWA2293, KDF SSHA2293, TDES-ECBA2293, AES-CBCA2293, SHA3-224A2293, AES-CCMA2293, Counter DRBGA2293, TDES-CBCA2293, KDF TLSA2293, KAS-ECC-SSC Sp800-56Ar3A2293, TDES-CFB8A2293, HMAC-SHA3-224A2293, SHA2-512A2293, SHA2-256A2293, ECDSA SigVer (FIPS186-4)A2293, KDA HKDF SP800-56Cr2A2293, HMAC-SHA3-256A2293, HMAC-SHA2-224A2293, TDES-OFBA2293, DSA PQGVer (FIPS186-4)A2293, AES-ECBA2293, HMAC-SHA2-256A2293, AES-CFB1A2293, HMAC-SHA3-512A2293, TLS v1.3 KDFA2294	AES-CFB8A4978, HMAC-SHA2-256A4978, AES-OFBA4978, TLS v1.2 KDF RFC7627A4978, SHA2-512A4978, HMAC-SHA2-512A4978, AES-ECBA4978, RSA KeyGen (FIPS186-4)A4978, Counter DRBGA4978, KDA HKDF SP800-56Cr2A4978, HMAC-SHA-1A4978, AES-CMACA4978, ECDSA KeyGen (FIPS186-4)A4978, TDES-OFBA4978, AES-CFB1A4978, DSA SigGen (FIPS186-4)A4978, DSA KeyGen (FIPS186-4)A4978, AES-CCMA4978, TDES-CMACA4978, AES-KWA4978, TDES-CFB8A4978, SHA3-224A4978, AES-CBCA4978, AES-XTSA4978, TDES-CFB64A4978, TDES-CBCA4978, TLS v1.3 KDFA4979, SHA3-256A4978, HMAC-SHA3-224A4978, KDF TLSA4978, KAS-ECC-SSC Sp800-56Ar3A4978, SHA2-256A4978, TDES-CFB1A4978, ECDSA KeyVer (FIPS186-4)A4978, AES-CTRA4978, AES-GCMA4978, SHAKE-128A4978, RSA SigVer (FIPS186-4)A4978, ECDSA SigGen (FIPS186-4)A4978, KAS-FFC-SSC Sp800-56Ar3A4978, SHA-1A4978, DSA SigVer (FIPS186-4)A4978, HMAC-SHA3-384A4978, DSA PQGVer (FIPS186-4)A4978, HMAC-SHA3-512A4978, TDES-ECBA4978, SHA2-384A4978, HMAC-SHA3-256A4978, AES-CFB128A4978, DSA PQGGen (FIPS186-4)A4978, SHA2-224A4978, AES-GMACA4978, HMAC-SHA2-224A4978, SHAKE-256A4978, SHA3-384A4978, HMAC-SHA2-384A4978, SHA3-512A4978, AES-KWPA4978, KDF SSHA4978, ECDSA SigVer (FIPS186-4)A4978, PBKDFA4978, RSA SigGen (FIPS186-4)A4978
heuristics/cpe_matches	{}	{}
heuristics/direct_transitive_cves	{}	{}
heuristics/extracted_versions	-	-
heuristics/indirect_transitive_cves	{}	{}
heuristics/module_processed_references/directly_referenced_by	{}	{}
heuristics/module_processed_references/directly_referencing	{}	{}
heuristics/module_processed_references/indirectly_referenced_by	{}	{}
heuristics/module_processed_references/indirectly_referencing	{}	{}
heuristics/module_prunned_references	{}	{}
heuristics/policy_processed_references/directly_referenced_by	{}	{}
heuristics/policy_processed_references/directly_referencing	{}	{}
heuristics/policy_processed_references/indirectly_referenced_by	{}	{}
heuristics/policy_processed_references/indirectly_referencing	{}	{}
heuristics/policy_prunned_references	{}	{}
heuristics/related_cves	{}	{}
heuristics/verified_cpe_matches	{}	{}
pdf_data/keywords/fips_cert_id	Cert: #1: 1 Certificate6: 4	Cert: Certificate6: 4
pdf_data/keywords/fips_security_level	Level: Level 1: 3	Level: Level 1: 3
pdf_data/keywords/fips_certlike	Certlike: AES GCM encrypt KAT50: 1 AES-CMAC 128: 1 AES-GCM 128: 1 CVL23: 1 DRBG 9: 1 DRBG27: 1 DSA28: 1 HMAC 128: 2 PKCS #1: 2 PKCS#1: 6 RSA39: 1 SHA-1: 13 SHA-256: 1 SHA-3: 1 SHA2- 256: 6 SHA2- 384: 4 SHA2- 512: 5 SHA2-224: 13 SHA2-256: 17 SHA2-384: 11 SHA2-512: 11 SHA3- 224: 1 SHA3- 256: 1 SHA3- 384: 1 SHA3- 512 112: 1 SHA3-224: 3 SHA3-256: 4 SHA3-384: 3 SHA3-512: 3 SHS42: 1	Certlike: AES GCM encrypt KAT48: 1 AES-CMAC 128: 1 AES-GCM 128: 1 CVL23: 1 DRBG 9: 1 DRBG26: 1 DSA27: 1 HMAC 128: 2 PKCS#1: 6 RSA38: 1 SHA-1: 13 SHA-256: 1 SHA-3: 1 SHA2- 256: 7 SHA2- 384: 4 SHA2- 512: 5 SHA2-224: 14 SHA2-256: 17 SHA2-384: 12 SHA2-512: 12 SHA3- 224: 1 SHA3- 256: 1 SHA3- 384: 1 SHA3- 512 112: 1 SHA3-224: 3 SHA3-256: 4 SHA3-384: 3 SHA3-512: 3 SHS41: 1
pdf_data/keywords/vendor	Microsoft: Microsoft: 2
pdf_data/keywords/eval_facility
pdf_data/keywords/symmetric_crypto	AES_competition: AES: AES: 98 CAST: CAST: 4 CAST5: 3 RC: RC2: 2 RC4: 3 RC5: 3 DES: 3DES: TDES: 1 Triple-DES: 20 DES: DES: 5 constructions: MAC: CMAC: 23 HMAC: 26 djb: ChaCha: ChaCha20: 3 Poly: Poly1305: 2 miscellaneous: ARIA: ARIA: 3 Blowfish: Blowfish: 3 Camellia: Camellia: 3 IDEA: IDEA: 3 SEED: SEED: 3 SM4: SM4: 3	AES_competition: AES: AES: 100 CAST: CAST: 4 CAST5: 3 RC: RC2: 2 RC4: 3 RC5: 3 DES: 3DES: TDES: 1 Triple-DES: 20 DES: DES: 8 constructions: MAC: CMAC: 24 HMAC: 27 djb: ChaCha: ChaCha20: 3 Poly: Poly1305: 2 miscellaneous: ARIA: ARIA: 3 Blowfish: Blowfish: 3 Camellia: Camellia: 3 IDEA: IDEA: 3 SEED: SEED: 3 SM4: SM4: 3
pdf_data/keywords/asymmetric_crypto	ECC: ECC: ECC: 3 ECDH: ECDH: 11 ECDSA: ECDSA: 26 EdDSA: EdDSA: 3 FF: DH: DH: 12 Diffie-Hellman: 2 DSA: DSA: 25	ECC: ECC: ECC: 3 ECDH: ECDH: 11 ECDSA: ECDSA: 27 EdDSA: EdDSA: 3 FF: DH: DH: 12 Diffie-Hellman: 2 DSA: DSA: 27
pdf_data/keywords/pq_crypto
pdf_data/keywords/hash_function	BLAKE: Blake2: 3 MD: MD4: MD4: 2 MD5: MD5: 2 PBKDF: PBKDF: 6 PBKDF2: 5 RIPEMD: RIPEMD: 2 SHA: SHA1: SHA-1: 13 SHA2: SHA-256: 1 SHA3: SHA-3: 1 SHA3-224: 3 SHA3-256: 4 SHA3-384: 3 SHA3-512: 3	BLAKE: Blake2: 3 MD: MD4: MD4: 2 MD5: MD5: 2 PBKDF: PBKDF: 7 PBKDF2: 5 RIPEMD: RIPEMD: 2 SHA: SHA1: SHA-1: 13 SHA2: SHA-256: 1 SHA3: SHA-3: 1 SHA3-224: 3 SHA3-256: 4 SHA3-384: 3 SHA3-512: 3
pdf_data/keywords/crypto_scheme	KA: Key Agreement: 3 Key agreement: 2 MAC: MAC: 11	KA: Key Agreement: 3 Key agreement: 2 MAC: MAC: 11
pdf_data/keywords/crypto_protocol	SSH: SSH: 18 TLS: TLS: TLS: 34 TLS 1.2: 3 TLS 1.3: 1 TLS v1.2: 3 TLS v1.3: 2	SSH: SSH: 18 TLS: SSL: SSL: 3 TLS: TLS: 36 TLS 1.2: 3 TLS 1.3: 5 TLS v1.2: 3 TLS v1.3: 2
pdf_data/keywords/randomness	PRNG: DRBG: 45 RNG: RBG: 2 RNG: 4	PRNG: DRBG: 46 RNG: RBG: 2 RNG: 4
pdf_data/keywords/cipher_mode	CBC: CBC: 8 CCM: CCM: 3 CFB: CFB: 3 CTR: CTR: 5 ECB: ECB: 9 GCM: GCM: 37 OFB: OFB: 8 XEX: XEX: 2 XTS: XTS: 4	CBC: CBC: 8 CCM: CCM: 3 CFB: CFB: 3 CTR: CTR: 5 ECB: ECB: 10 GCM: GCM: 37 OFB: OFB: 8 XEX: XEX: 2 XTS: XTS: 4
pdf_data/keywords/ecc_curve	NIST: B-163: 2 B-233: 4 B-283: 4 B-409: 4 B-571: 4 K-163: 4 K-233: 6 K-283: 4 K-409: 4 K-571: 4 P-192: 8 P-224: 14 P-256: 8 P-384: 8 P-521: 8	NIST: B-163: 2 B-233: 5 B-283: 5 B-409: 5 B-571: 5 K-163: 4 K-233: 7 K-283: 5 K-409: 5 K-571: 5 P-192: 8 P-224: 16 P-256: 10 P-384: 10 P-521: 10
pdf_data/keywords/crypto_engine
pdf_data/keywords/tls_cipher_suite
pdf_data/keywords/crypto_library
pdf_data/keywords/vulnerability
pdf_data/keywords/side_channel_analysis
pdf_data/keywords/device_model
pdf_data/keywords/tee_name	AMD: PSP: 6 IBM: SSC: 1	AMD: PSP: 6 IBM: SSC: 1
pdf_data/keywords/os_name
pdf_data/keywords/cplc_data
pdf_data/keywords/ic_data_group
pdf_data/keywords/standard_id	FIPS: FIPS 140-3: 20 FIPS PUB 180-4: 1 FIPS PUB 186-4: 5 FIPS PUB 197: 2 FIPS PUB 198-1: 1 FIPS PUB 202: 1 ISO: ISO/IEC 19790: 6 ISO/IEC 19790:2012: 1 ISO/IEC 19790:2021: 1 ISO/IEC 24579: 4 NIST: NIST SP 800-132: 2 NIST SP 800-38A: 1 NIST SP 800-38B: 2 NIST SP 800-38C: 2 NIST SP 800-38D: 6 NIST SP 800-38E: 2 NIST SP 800-38F: 2 NIST SP 800-52: 1 NIST SP 800-67: 2 SP 800-38A: 1 SP 800-38B: 1 PKCS: PKCS #1: 1 PKCS#1: 3 RFC: RFC 5246: 1 RFC 5288: 1 RFC 8446: 1 RFC25: 1	FIPS: FIPS 140-3: 20 FIPS PUB 180-4: 1 FIPS PUB 186-4: 5 FIPS PUB 197: 2 FIPS PUB 198-1: 1 FIPS PUB 202: 1 ISO: ISO/IEC 19790: 6 ISO/IEC 19790:2012: 1 ISO/IEC 19790:2021: 1 ISO/IEC 24579: 4 NIST: NIST SP 800-132: 2 NIST SP 800-38A: 1 NIST SP 800-38B: 2 NIST SP 800-38C: 2 NIST SP 800-38D: 6 NIST SP 800-38E: 2 NIST SP 800-38F: 2 NIST SP 800-52: 1 NIST SP 800-67: 2 SP 800-38A: 1 SP 800-38B: 1 PKCS: PKCS#1: 3 RFC: RFC 5246: 1 RFC 5288: 1 RFC 8446: 1 RFC25: 1
pdf_data/keywords/javacard_version
pdf_data/keywords/javacard_api_const	curves: SM2: 2	curves: SM2: 2
pdf_data/keywords/javacard_packages
pdf_data/keywords/certification_process
pdf_data/policy_metadata	/Author: Corsec Security, Inc. /CreationDate: D:20230712104617-04'00' /Creator: Microsoft® Word for Microsoft 365 /ModDate: D:20230712104617-04'00' /Producer: Microsoft® Word for Microsoft 365 /Title: FIPS 140-3 Non-Proprietary Security Policy pdf_file_size_bytes: 886586 pdf_hyperlinks: http://csrc.nist.gov/groups/STM/cmvp, mailto:[email protected], http://www.extrahop.com/, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=34903, http://www.corsec.com/, https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules/Search, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14786, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?product=14787 pdf_is_encrypted: False pdf_number_of_pages: 39	/Author: Corsec Security, Inc. /CreationDate: D:20240127135910-05'00' /Creator: Microsoft® Word for Microsoft 365 /ModDate: D:20240127135910-05'00' /Producer: Microsoft® Word for Microsoft 365 /Title: FIPS 140-3 Non-Proprietary Security Policy pdf_file_size_bytes: 919212 pdf_hyperlinks: http://csrc.nist.gov/groups/STM/cmvp, mailto:[email protected], http://www.extrahop.com/, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37588, https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?validation=37589, http://www.corsec.com/, https://csrc.nist.gov/Projects/cryptographic-module-validation-program/Validated-Modules/Search pdf_is_encrypted: False pdf_number_of_pages: 41
state/module_download_ok	True	True
state/module_extract_ok	True	True
state/policy_convert_garbage	False	False
state/policy_convert_ok	True	True
state/policy_download_ok	True	True
state/policy_extract_ok	True	True
state/policy_pdf_hash	Different	Different
state/policy_txt_hash	Different	Different
web_data/caveat	When operated in approved mode. No assurance of the minimum strength of generated keys	When operated in approved mode. No assurance of the minimum strength of generated SSPs (e.g., keys)
web_data/certificate_pdf_url	https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/August 2023_010923_0844.pdf	https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/certificates/January 2024_010224_0801.pdf
web_data/date_sunset		29.01.2029
web_data/description	The ExtraHop Cryptographic Module 1.0 is a cryptographic library embedded in the ExtraHop Reveal(x) 360 application software. The ExtraHop Cryptographic Module 1.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3).	The ExtraHop Cryptographic Module 2.0 is a cryptographic library embedded in the ExtraHop Reveal(x) 360 application software. The ExtraHop Cryptographic Module 2.0 offers symmetric encryption/decryption, digital signature generation/verification, hashing, cryptographic key generation, random number generation, message authentication, and key establishment functions to secure data-at-rest/data-in-flight and to support secure communications protocols (including SSH and TLS 1.2/1.3).
web_data/embodiment	Multi-Chip Stand Alone	Multi-Chip Stand Alone
web_data/exceptions	Physical security: N/A, Non-invasive security: N/A, Mitigation of other attacks: N/A, Documentation requirements: N/A, Cryptographic module security policy: N/A	Physical security: N/A, Non-invasive security: N/A, Mitigation of other attacks: N/A, Documentation requirements: N/A, Cryptographic module security policy: N/A
web_data/fw_versions	[]	[]
web_data/historical_reason	None	None
web_data/hw_versions	[]	[]
web_data/level	1	1
web_data/mentioned_certs
web_data/module_name	ExtraHop Cryptographic Module	ExtraHop Cryptographic Module
web_data/module_type	Software	Software
web_data/revoked_link	None	None
web_data/revoked_reason	Non-conformance to the FIPS 140-3 standard identified
web_data/standard	FIPS 140-3	FIPS 140-3
web_data/status	revoked	active
web_data/sw_versions	1.0	2.0
web_data/tested_conf	ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 with PAA, ExtraHop OS 8.6 on VMware ESXi 6.7 running on Dell PowerEdge R640-XL with Intel Xeon Silver 4110 without PAA, ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 with PAA, ExtraHop OS 8.6 on VMware ESXi 7.0 running on Dell PowerEdge R740 with Intel Xeon Silver 4110 without PAA, ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 with PAA, ExtraHop OS 8.6 running on EDA 8200 appliance with Intel Xeon Silver 4110 without PAA	Debian 9 running on a Dell PowerEdge R440 with an Intel® Xeon Silver 4214R with PAA, Debian 9 running on a Dell PowerEdge R440 with an Intel® Xeon Silver 4214R without PAA, , , ,
web_data/validation_history	date: 28.08.2023 lab: Lightship Security, Inc. validation_type: Initial	date: 30.01.2024 lab: Lightship Security, Inc. validation_type: Initial
web_data/vendor	ExtraHop Networks, Inc.	ExtraHop Networks, Inc.
web_data/vendor_url	http://www.extrahop.com	http://www.extrahop.com