Security Statement
Upgrades and Patches
When performing an upgrade or a patch installation, use the digital signature verification tool (OpenPGP) to verify the software. To prevent tampered or replaced software from being installed, Huawei strongly recommends that you verify the software before installing it.
Passwords
- Select cipher mode when setting a password. To ensure system security, enable the password complexity check and change your passwords periodically.
- When setting a password in explicit mode, do not start or end the password with %^%#......%^%#.
- Set your passwords based on site requirements.
Encryption Algorithms
The TaiShan server uses the following encryption algorithms: DES, 3DES, AES, DSA, RSA, DH, ECDH, HMAC, SHA1, SHA2, PBKDF2, scrypt, and MD5. Choose the one that fits site requirements, giving preference to the recommendations below; otherwise the deployment may fail to meet security requirements.
- Symmetric encryption algorithm: AES (256 bits or more).
- Asymmetric encryption algorithm: RSA (2048 bits or more). When using the asymmetric encryption algorithm, use different key pairs for encryption and signature.
- Digital signatures: RSA (2048 bits or more) or DSA (2048 bits or more).
- Key negotiation: DH (2048 bits or more) or ECDH (256 bits or more).
- Hash algorithm: SHA2 (256 bits or more).
- HMAC: HMAC-SHA2.
- DES, 3DES, RSA, and AES are reversible encryption algorithms. In protocol interconnection scenarios, passwords stored locally must use a reversible encryption algorithm, because the plaintext password has to be recovered to authenticate to the peer.
- SHA1, SHA2, and MD5 are irreversible (one-way) hash algorithms. SHA2 is recommended for local administrator passwords.
- To resist brute-force cracking, the PBKDF2 or scrypt key derivation algorithm is used to hash user passwords iteratively with a per-password salt value.
- ECB mode is not recommended for password encryption because it is weak against plaintext replay attacks: identical plaintext blocks always produce identical ciphertext blocks.
- In SSH 2.0, symmetric encryption algorithms in CBC mode may be subject to plaintext recovery attacks that leak data. Therefore, do not use CBC mode to encrypt data for SSH 2.0.
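The following Python example illustrates the salted, iterated password hashing described in the PBKDF2 item above, contrasted with a plain SHA2 digest. It is added here as an illustration and is not code from the TaiShan product or its documentation; the storage format, the 16-byte salt length and the 600 000-iteration count are assumptions chosen for the example, not values taken from the document.

```python
import hashlib
import hmac
import os
from typing import Optional

# Assumed parameters for this example (not from the document).
SALT_BYTES = 16          # random salt stored next to the hash
ITERATIONS = 600_000     # PBKDF2-HMAC-SHA256 work factor
HASH_NAME = "sha256"     # SHA2 family, as the document recommends


def plain_sha256(password: str) -> str:
    """Unsalted, single-pass SHA-256: two users with the same password get the
    same digest, and each guess costs the attacker one hash operation."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> str:
    """Derive a PBKDF2-HMAC-SHA256 verifier with a random salt.

    Returns a self-describing string so the parameters can be read back at
    verification time: pbkdf2_sha256$<iterations>$<salt hex>$<key hex>.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    derived = hashlib.pbkdf2_hmac(HASH_NAME, password.encode("utf-8"),
                                  salt, iterations)
    return f"pbkdf2_{HASH_NAME}${iterations}${salt.hex()}${derived.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the derived key from the stored parameters and compare it in
    constant time. Malformed records are rejected rather than raising."""
    try:
        scheme, iterations, salt_hex, key_hex = stored.split("$", 3)
        if not scheme.startswith("pbkdf2_"):
            return False
        hash_name = scheme[len("pbkdf2_"):]
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(key_hex)
        iterations = int(iterations)
    except ValueError:
        return False
    candidate = hashlib.pbkdf2_hmac(hash_name, password.encode("utf-8"),
                                    salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print("verify ok :", verify_password("correct horse battery staple", record))
    print("verify bad:", verify_password("wrong password", record))
```

Because the salt is random, two users who choose the same password receive different records, and an attacker cannot precompute a single table that cracks both. The iteration count is stored with the record so it can be raised for new passwords without invalidating existing ones.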
Certificate Replacement
To ensure device and certificate security, Huawei strongly recommends that you replace the certificate with one issued by your CA.
Personal Data
This product fully respects users' privacy and does not involve users' personal information collection.
Public IP Addresses
In this document, public IP addresses may be used for feature introduction and configuration examples. Unless otherwise specified, those public IP addresses are examples only.
Unsecure Protocols
Disable TLS 1.0 because it has serious known vulnerabilities.
Disable SSL 3.0 because it has serious known vulnerabilities.
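The following Python example shows how a service configures its TLS endpoint so that SSL 3.0 and TLS 1.0 cannot be negotiated, and how to check a context for legacy versions it would still accept. It is an added example using the standard ssl module and is not code from the TaiShan product; treating TLS 1.1 as a legacy version alongside the two named in the document is an assumption of this example.

```python
import ssl

# Versions the document says to disable (SSL 3.0, TLS 1.0). TLS 1.1 is added
# here as an assumption of this example, since it predates TLS 1.2 and is
# deprecated together with TLS 1.0.
LEGACY_VERSIONS = (
    ssl.TLSVersion.SSLv3,
    ssl.TLSVersion.TLSv1,
    ssl.TLSVersion.TLSv1_1,
)


def hardened_server_context() -> ssl.SSLContext:
    """Server-side context that negotiates TLS 1.2 or later only."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def allowed_legacy_versions(ctx: ssl.SSLContext) -> list:
    """Names of legacy protocol versions the context would still negotiate.

    MINIMUM_SUPPORTED / MAXIMUM_SUPPORTED are sentinel values (negative
    integers), so they are mapped to SSLv3 and TLSv1_3 before comparing.
    """
    low = ctx.minimum_version
    high = ctx.maximum_version
    if low == ssl.TLSVersion.MINIMUM_SUPPORTED:
        low = ssl.TLSVersion.SSLv3
    if high == ssl.TLSVersion.MAXIMUM_SUPPORTED:
        high = ssl.TLSVersion.TLSv1_3
    return [v.name for v in LEGACY_VERSIONS if low <= v <= high]


if __name__ == "__main__":
    ctx = hardened_server_context()
    print("minimum version:", ctx.minimum_version.name)
    print("legacy versions still allowed:", allowed_legacy_versions(ctx))
```

Pass the returned context to the server framework that terminates TLS; `allowed_legacy_versions` is useful as a startup self-check or unit test so that a later configuration change cannot silently re-enable SSL 3.0 or TLS 1.0.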