CDR-9150XL Radio Family
Radio Configuration Utility
Location Code
Relay Mode
Forwarding
Radio Modes
Jump Tables
Navigation
Navigation Bar
Planning
Utility Panels
Serial
Information
Firmware
Encryption
Notes
Configuration
Advanced Configuration
Reset
Country
Pool
Site Survey
Promiscuous Survey
Testing
Optimization
Addressed Protocols
Paired Units
Asynchronous Environments
Protocol
Sequence Numbers
Commands
Memory Map
Registers
Signal Strengths
OSS Foundations

Encryption

CDR XL family radios use Blowfish encryption and may be configured with keys of 8 to 448 bits.

CDR XL family radios encrypt packets in a cipher-block chaining (CBC) mode, using a randomly chosen initialization vector (IV). A hardware entropy source is used to select the next IV used, so unlike pseudo-random (PR) IVs, IV selection will not repeat periodically.

CDR XL family radios use a keyed-hash message authentication code (HMAC) to digitally "sign" each packet. The hashing function used is SHA-1, and the full 20 byte HMAC is appended to each encrypted packet. No HMAC truncation is performed and all 20 HMAC bytes are tested by the receiver to validate the packet's authenticity.

By default, the CDR XL family radios will discard all unencrypted packets received when encryption is enabled, but it is possible to disable this feature. All encrypted packets which can not be validated (i.e. sent with an incorrect HMAC or encrypted with a different key) are discarded, regardless of radio configuration.