SNMPv3 Authentication Protocol MD5 or SHA

n3tm1n · ‎11-04-2014

Which is better to use for SNMPv3?

Also, which version of SHA is it using? Switches in question 6600/3500 series.

Suprised that the switch only supports AES 128

n3tm1n · ‎10-27-2015

Do any of the Procurves switches support AES-256 (6600, 5400, 5400r, 3500, etc)? AES-128 is outdated and 256 is has been a standard for a while now. I don't see any reference to AES-256 in any of the configuration guides.

n3tm1n · ‎01-26-2016

Reviewed Manuals for the above switches based on k/ka 15.18 and AES-256 is still not offered as an encryption option for both SNMPv3 and MACSec for that matter. Only AES-128 is available.

Is this a hardware limitation or software? I'm sure companies that need to follow strict security compliance view AES-128 weak/not strong enough. Especially since AES-256 is the norm these days.

BrackeKommun · ‎01-27-2016

On tcp or the rest of IP traffic is AES-256 crypto is seen as minimal, some wanna have 384 or 512. SNMP is wayyyy behind sadly. But some is better then non.

If it's hardware or software - both, switches normaly has not the world best CPU for doing crypto. software is a problem to, the worst is a badly compiled crypto-code. you think you are secure but your not. AES-256 is great done correct, if the randomize the prime's and not follow a list =)

Didn't Juniper and Cisco have that problem? Can't remember if that was a case.