I just came across RFC 7860 while looking for updates to the SNMPv3 authentication models.
It's good to see updated hash algorithms; however, I'm confused by several aspects of section 9.3, Derivation of Keys from Passwords:

1. Why is the word "SHOULD" used for this specification? There is no alternative given, and if two systems use a different procedure, they will be unable to authenticate successfully. It seems like "MUST" would be appropriate here.

2. It specifies using the password-to-key algorithm from RFC 3414; however, it seems like this algorithm has no technical merit, and I cannot find any basis for why this is a good idea. Using a predictable 1MB input to the hash *lowers* its security as compared to using the input directly, as it drastically lowers the effective entropy. For example, the passwords "abc" and "abcabc" and "abcabcabc" are now equivalent. In addition, there is a performance cost for doing this, but without the full security benefits of an actual "slow-hash" (such as scrypt, bcrypt or PBKDF2).

3. The algorithm then says to combine `digest1 + snmpEngineID + digest1` -- why do this instead of simply `digest1 + snmpEngineID`? Once again, this incurs a performance cost but does nothing to increase the entropy or resistance to brute-force attacks.

Thanks
_______________________________________________
OPSAWG mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/opsawg
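The RFC 3414 password-to-key procedure the message questions, written out as an added example (not code from the post or from the RFCs) so the "abc" / "abcabc" equivalence can be checked directly. It generalizes the algorithm over the hash function, which is how RFC 7860 reuses it for SHA-2; the engine ID and passwords below are constructed sample values.

```python
import hashlib

# RFC 3414 Appendix A.2: the password is repeated until exactly 1 MiB has been hashed.
EXPANSION_LEN = 1_048_576


def password_to_key(password: bytes, engine_id: bytes, hash_name: str = "sha1") -> bytes:
    """Derive the localized authentication key for one SNMP engine.

    Step 1 (digest1): hash the password repeated cyclically to 1 MiB.
    Step 2 (localization): hash digest1 || snmpEngineID || digest1.
    hash_name selects the hashlib algorithm (md5/sha1 per RFC 3414,
    sha224..sha512 per RFC 7860).
    """
    if not password:
        raise ValueError("password must not be empty")
    # Equivalent to the reference loop that fills 64-byte blocks from the
    # password modulo its length: take a long repetition and cut at 1 MiB.
    expanded = (password * (EXPANSION_LEN // len(password) + 1))[:EXPANSION_LEN]
    digest1 = hashlib.new(hash_name, expanded).digest()
    return hashlib.new(hash_name, digest1 + engine_id + digest1).digest()


def same_key(pw_a: bytes, pw_b: bytes, engine_id: bytes, hash_name: str = "sha1") -> bool:
    """True when two distinct passwords collapse to the same localized key."""
    return password_to_key(pw_a, engine_id, hash_name) == password_to_key(pw_b, engine_id, hash_name)


if __name__ == "__main__":
    # Constructed sample engine ID (12 bytes, as in the RFC 3414 examples).
    engine = bytes.fromhex("000000000000000000000002")
    for h in ("md5", "sha1", "sha256"):
        key = password_to_key(b"abc", engine, h)
        print(h, key.hex(), "abc == abcabc:", same_key(b"abc", b"abcabc", engine, h))
```

Any password that is a repetition of a shorter one expands to the identical 1 MiB stream, so the equivalence holds for every hash function the procedure is instantiated with.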
