On 14/11/2007, Davin wrote:
> Brendan Simon wrote:
> > Are there any plans to support SHA512 (or SHA256) for authentication
> > protocol in the near future?
> > Any other hashing algorithms stronger than SHA1?

> I'm pretty sure that SHA2 isn't included in the SNMP standards. AES192
> and AES256 are unsupported for the same reason.


That's correct.
From the last time this question came up:


=========
AES192 and AES256 were never fully supported. At one point in the
past the AES IETF document was going to standardize the 192 and 256
modes, but ended up dropping it before the final release of the RFC.

From the net-snmp point of view we started supporting AES192 and 256
[in v5.1.x] when the initial drafts started circulating. HOWEVER, we never
supported it completely. You could not use passwords or master keys
to get to the localized key because the hash algorithms (MD5 and SHA)
didn't produce long enough keys and we never implemented the hash
iterations required to produce the longer keys.

In summary, you really shouldn't be using 192 and 256 anyway because
it's not a standard and no one else does, and it was dropped for
recent net-snmp versions [v5.2.xff] anyway.
=========

This response has also been put on the project Wiki as a "Good Answer"
(Strong Authentication or Encryption)

Dave
(quoting Wes)
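
The key-length shortfall described in the quoted answer, as an added example that is not part of the original message or of net-snmp's code: it derives the localized key with the RFC 3414 password-to-key algorithm and compares its length with what each AES mode needs. The password and engine ID are the RFC 3414 appendix sample values; the function names are made up for this sketch.

```python
import hashlib

# Key sizes in octets that each AES mode needs from the localized key.
AES_KEY_OCTETS = {"AES128": 16, "AES192": 24, "AES256": 32}
EXPANDED_LEN = 1048576  # RFC 3414 A.2: password is stretched to 1 MiB


def password_to_key(password: bytes, hash_name: str) -> bytes:
    """Ku = H(password repeated cyclically up to 1,048,576 octets)."""
    if not password:
        raise ValueError("password must not be empty")
    reps = EXPANDED_LEN // len(password) + 1
    return hashlib.new(hash_name, (password * reps)[:EXPANDED_LEN]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Kul = H(Ku || snmpEngineID || Ku), one key per authoritative engine."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def usable_ciphers(localized_key: bytes) -> list:
    """AES modes whose key fits inside the localized key without extension."""
    return [name for name, need in AES_KEY_OCTETS.items()
            if len(localized_key) >= need]


def derive(password: bytes, engine_id: bytes, hash_name: str) -> bytes:
    """Password -> Ku -> localized key, using one hash throughout."""
    return localize_key(password_to_key(password, hash_name),
                        engine_id, hash_name)


if __name__ == "__main__":
    # Sample inputs from the RFC 3414 appendix, not from a real device.
    password = b"maplesyrup"
    engine_id = bytes.fromhex("000000000000000000000002")
    for hash_name in ("md5", "sha1"):
        kul = derive(password, engine_id, hash_name)
        print(f"{hash_name}: {len(kul)} octets -> {usable_ciphers(kul)}")
```

MD5 yields 16 octets and SHA-1 yields 20, so only AES128 can be keyed from a password; the extra hash iterations the answer mentions would be needed for 24 or 32 octets and are not implemented here.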
