>>>>> "VSC" == Veerabahu Subramanian Chandran <-X (veechand - HCL at Cisco)" >>>>> <[EMAIL PROTECTED]>> writes:
VSC> From the available documentation/FAQ it is clear that the VSC> net-snmp binaries like (snmpwalk/snmpget/snmp*) supports only DES VSC> and AES encryption. That's correct. VSC> Is there any roadmap for the support of 3DES, AES256 VSC> encryption algorithms in net-snmp binaries? There is no standardization done for 3DES and AES256. Although I believe (know actually) other products exist that support 3DES it's done based on work that was never well vetted. The AES256 mode was also defined in early versions of the AES RFC but was later discarded. However, there is no technical reasons why it can't be done. Note that both 3DES and AES256 support require longer keys than what MD5 or SHA1 can generate, and thus the extra steps needed to produce longer key material have to be followed and I don't recall off the top of my head whether or not the internals of the Net-SNMP code base is able to follow the extra-length key generation mechanisms required by the KeyChange TC and other issues. (note that though AES256 support will use longer keys, the entropy in those keys will still be limited to 160 bits at most assuming the use of SHA1 (128 for MD5) and assuming passwords or master-keys are used. Now, you may wish to use it anyway to get the other stronger aspects of the algorithm as well, but the entropy in you keys won't be significantly longer unless you manually configure the localized key material directly) -- Wes Hardaker Sparta, Inc. ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Net-snmp-coders mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
