ProCurve / ProVision-Based
cancel
Showing results for 
Search instead for 
Did you mean: 

SNMPv3 Authentication Protocol MD5 or SHA

n3tm1n
Valued Contributor

SNMPv3 Authentication Protocol MD5 or SHA

Which is better to use for SNMPv3?

 

Also, which version of SHA is it using? Switches in question 6600/3500 series.

 

Suprised that the switch only supports AES 128

3 REPLIES
n3tm1n
Valued Contributor

Re: SNMPv3 Authentication AES-128 highest level?

Do any of the Procurves switches support AES-256 (6600, 5400, 5400r, 3500, etc)?  AES-128  is outdated and 256 is has been a standard for a while now. I don't see any reference to AES-256 in any of the configuration guides.

 

 

n3tm1n
Valued Contributor

Re: SNMPv3 Authentication AES-128 highest level?

Reviewed Manuals for the above switches based on k/ka 15.18 and AES-256 is still not offered as an encryption option for both SNMPv3 and MACSec for that matter. Only AES-128 is available.

Is this a hardware limitation or software?  I'm sure companies that need to follow strict security compliance view AES-128 weak/not strong enough. Especially since AES-256 is the norm these days.

BrackeKommun
Occasional Advisor

Re: SNMPv3 Authentication AES-128 highest level?

On tcp or the rest of IP traffic is AES-256 crypto is seen as minimal, some wanna have 384 or 512. SNMP is wayyyy behind sadly. But some is better then non.

If it's hardware or software - both, switches normaly has not the world best CPU for doing crypto. software is a problem to, the worst is a badly compiled crypto-code. you think you are secure but your not. AES-256 is great done correct, if the randomize the prime's and not follow a list =)

Didn't Juniper and Cisco have that problem? Can't remember if that was a case.