Child pages
  • How to configure nonstandard AES 192/256 for a SNMPv3 user?

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added information about key extension


Tip
titleAvoid compatibility problems by choosing right authentication protocol

Different key extension algorithms cause compatibility issues with AES >128 protocols. To avoid them and to ensure best security, use appropriate authentication protocols to avoid key extension at all.

That leads to the simple rule:

For AES256 use at least SHA256!


Some devices* and SNMP tools use an AES key extension algorithm implementation for 192 and 256 bit key length that was not specified in the IETF draft http://tools.ietf.org/html/draft-blumenthal-aes-usm-04. Instead those implementations use the key extension algorithm specified by http://tools.ietf.org/html/draft-reeder-snmpv3-usm-3desede-00. To use the latter non-standard protocol follow the steps below:

...