Strong Authentication or Encryption

From Net-SNMP Wiki
Revision as of 09:29, 14 November 2007 by Dts12 (Talk | contribs)

Good Answer

This is a Good Answer article. It was likely created as a response to a question on a Net-SNMP Mailing List and written up here for others to see. It likely covers material not yet in the FAQ or in the Tutorial but may someday be moved there.

Question

Does Net-SNMP support AES192 or AES256? Does it support anything stronger than SHA1?

Answer

AES192 and AES256 were never fully supported. At one point in the past the AES IETF document was going to standardize the 192 and 256 modes, but they were dropped before the final release of the RFC.

From the Net-SNMP point of view, we started supporting AES192 and AES256 [in v5.1.x] when the initial drafts started circulating. HOWEVER, we never supported them completely. You could not use passwords or master keys to get to the localized key because the hash algorithms (MD5 and SHA) didn't produce long enough keys and we never implemented the hash iterations required to produce the longer keys.
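The key-length gap described above can be seen by running the RFC 3414 password-to-key and key-localization steps and comparing the digest size with what each AES mode needs. This is an added example, not Net-SNMP code; the function names are hypothetical, and the sample password and engine ID are the test values from RFC 3414 Appendix A.3.

```python
import hashlib

# Key bytes each privacy mode needs from the localized key.
# AES128 is the standardized mode (RFC 3826); AES192/AES256 are the dropped draft modes.
REQUIRED_KEY_BYTES = {"AES128": 16, "AES192": 24, "AES256": 32}

# Sample inputs: the test values from RFC 3414 Appendix A.3, not real credentials.
SAMPLE_PASSWORD = b"maplesyrup"
SAMPLE_ENGINE_ID = bytes.fromhex("000000000000000000000002")


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """RFC 3414 A.2: hash 1,048,576 bytes of the password repeated end to end."""
    if not password:
        raise ValueError("password must not be empty")
    total = 1048576
    stream = (password * (total // len(password) + 1))[:total]
    return hashlib.new(hash_name, stream).digest()


def localize_key(master_key: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """RFC 3414 2.6: localized key = H(Ku || engineID || Ku)."""
    return hashlib.new(hash_name, master_key + engine_id + master_key).digest()


def usable_modes(localized_key: bytes) -> dict:
    """Which AES modes can be keyed from this localized key without extension."""
    return {mode: len(localized_key) >= need
            for mode, need in REQUIRED_KEY_BYTES.items()}


def report(password: bytes, engine_id: bytes) -> dict:
    """Localized key length and usable AES modes for each USM auth hash."""
    result = {}
    for hash_name in ("md5", "sha1"):
        key = localize_key(password_to_key(password, hash_name),
                           engine_id, hash_name)
        result[hash_name] = (len(key), usable_modes(key))
    return result


if __name__ == "__main__":
    for name, (length, modes) in report(SAMPLE_PASSWORD, SAMPLE_ENGINE_ID).items():
        print(f"{name}: {length}-byte localized key -> {modes}")
```

Neither hash yields the 24 or 32 bytes that AES192 and AES256 need, which is why an additional key-extension step would have been required.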

There has been no standardization done for 3DES. Although other products exist that support 3DES, these will be based on work that was never well vetted.

In summary, you really shouldn't be using AES192 and AES256 because they are not a standard and no one else uses them, and support was dropped for recent Net-SNMP versions [v5.2.xff] anyway.