Versions Compared

Old Version 5

changes.mady.by.user Administrator

Saved on

compared with

New Version Current

changes.mady.by.user Administrator

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added information about key extension


Tip
titleAvoid compatibility problems by choosing right authentication protocol

Different key extension algorithms cause compatibility issues with AES >128 protocols. To avoid them and to ensure best security, use appropriate authentication protocols to avoid key extension at all.

That leads to the simple rule:

For AES256 use at least SHA256!


Some devices* and SNMP tools use an AES key extension algorithm implementation for 192 and 256 bit key length that was not specified in the IETF draft http://tools.ietf.org/html/draft-blumenthal-aes-usm-04. Instead those implementations use the key extension algorithm specified by http://tools.ietf.org/html/draft-reeder-snmpv3-usm-3desede-00. To use the latter non-standard protocol follow the steps below:

...