On Thu, 14 Jul 2022 at 00:29, Paban Agarwalla <pabanagarwa...@gmail.com>
wrote:

> when we configure v3 users. Some of the algorithm combinations failed.
>
That's an odd result.  It's like the authentication key length is having an
effect on the authentication key length you can use. If the auth key is
smaller than the privacy key, you get a failure.

RFC3826, which describes AES-128 for SNMP, says anything that has 128bits
or more for authentication will work with it and anything in RFC3414
(SHA-95 MD5-96) satisfy that.

Assuming they're using the Blumenthal extensions for AES-192 and AES-256, I
wonder if they're getting the rules around privacy key lengths and
authentication key lengths confused? For example the draft standard says "192
bits (24 octets) for AES-192" which would mean (if you thought it was the
auth key) that the top-center one should fail, but they're talking about
the privacy key here (section 3.2.1).

Another thought, are you using the same key for your privacy and
authentication?

 - Craig
_______________________________________________
Net-snmp-coders mailing list
Net-snmp-coders@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders

Reply via email to