VV> From the older posts in NetSNMP forums I understood that NetSNMP
VV> version 5.1.4 was (partially) supporting AES256 and later versions
VV> of the NetSNMP dropped the support. From the information available
VV> in the NetSNMP wiki, it seems they dropped the support as AES 256 &
VV> 192 were in draft phase.
VV> I would like to know whether there are any plans of supporting AES-256 in
VV> near future.

AES-256 was never standardized by the IETF as a valid USM algorithm, and hence the reason we dropped it from the early working of the code (it never worked at all, in fact). We don't currently have any plans to support it, but we'd consider patches from anyone that wanted to submit them.

It's also worth noting that because of the way the secrecy keys are generated you may be getting the algorithm for AES256, but in terms of brute force strength the entropy in the keys is limited to that of the hashing algorithm. Thus the real entropy of an AES256 key when used with SHA is only 160 bits (because of the way USM keys are generated).

Net-SNMP 5.6 has (will have) support for DTLS and TLS, which offer AES256 support as well, if you want to consider using that security system instead of SNMPv3/USM.

-- 
Wes Hardaker
Cobham Analytic Solutions

_______________________________________________
Net-snmp-users mailing list
Net-snmp-users@lists.sourceforge.net
Please see the following page to unsubscribe or change other options:
https://lists.sourceforge.net/lists/listinfo/net-snmp-users
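The key generation the reply refers to, as an added example that is not part of the original message or of Net-SNMP's code: the RFC 3414 password-to-key and key-localization steps with SHA-1, run on the password and engine ID from that RFC's appendix A test vector. `stretch_hypothetical` is an assumption made here, not a standardized step, to show that a 32-byte AES key computed from the 20-byte localized key cannot carry more than 160 bits.

```python
import hashlib

ONE_MEGABYTE = 1048576  # RFC 3414 hashes exactly this many bytes of repeated password


def password_to_key(password: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 password-to-key: hash the password repeated out to 1 MiB (Ku)."""
    if not password:
        raise ValueError("USM passwords must not be empty")
    reps, rem = divmod(ONE_MEGABYTE, len(password))
    return hashlib.new(hash_name, password * reps + password[:rem]).digest()


def localize_key(ku: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """RFC 3414 key localization: Kul = H(Ku || snmpEngineID || Ku)."""
    return hashlib.new(hash_name, ku + engine_id + ku).digest()


def stretch_hypothetical(kul: bytes, need: int, hash_name: str = "sha1") -> bytes:
    """Hypothetical extension (assumption of this example): append H(key so far)
    until there are enough bytes. The output depends only on the digest-sized Kul."""
    out = kul
    while len(out) < need:
        out += hashlib.new(hash_name, out).digest()
    return out[:need]


def effective_key_bits(key: bytes, hash_name: str = "sha1") -> int:
    """Upper bound on brute-force strength: the key is a function of one digest."""
    return min(len(key), hashlib.new(hash_name).digest_size) * 8


# Password and engine ID from the RFC 3414 appendix A sample results.
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")


def demo():
    ku = password_to_key(PASSWORD)
    kul = localize_key(ku, ENGINE_ID)
    aes256_key = stretch_hypothetical(kul, 32)  # 32 bytes for AES-256
    return ku, kul, aes256_key


if __name__ == "__main__":
    ku, kul, aes256_key = demo()
    print("Ku        :", ku.hex())
    print("Kul       :", kul.hex())
    print("AES-256 k :", aes256_key.hex())
    print("key length:", len(aes256_key) * 8, "bits; effective:",
          effective_key_bits(aes256_key), "bits")
```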