HPE Community
HPE Aruba Networking & ProVision-based
1823269 Members
3081 Online
109648 Solutions
New Discussion

SNMPv3 Authentication Protocol MD5 or SHA

 
n3tm1n
Valued Contributor

‎11-04-2014 02:27 PM

‎11-04-2014 02:27 PM

SNMPv3 Authentication Protocol MD5 or SHA

Which is better to use for SNMPv3?

 

Also, which version of SHA is it using? Switches in question 6600/3500 series.

 

Suprised that the switch only supports AES 128

0 Kudos
3 REPLIES 3
n3tm1n
Valued Contributor

‎10-27-2015 09:27 AM

‎10-27-2015 09:27 AM

Re: SNMPv3 Authentication AES-128 highest level?

Do any of the Procurves switches support AES-256 (6600, 5400, 5400r, 3500, etc)?  AES-128  is outdated and 256 is has been a standard for a while now. I don't see any reference to AES-256 in any of the configuration guides.

 

 

0 Kudos
n3tm1n
Valued Contributor

‎01-26-2016 01:58 PM

‎01-26-2016 01:58 PM

Re: SNMPv3 Authentication AES-128 highest level?

Reviewed Manuals for the above switches based on k/ka 15.18 and AES-256 is still not offered as an encryption option for both SNMPv3 and MACSec for that matter. Only AES-128 is available.

Is this a hardware limitation or software?  I'm sure companies that need to follow strict security compliance view AES-128 weak/not strong enough. Especially since AES-256 is the norm these days.

0 Kudos
BrackeKommun
Occasional Advisor

‎01-27-2016 05:29 AM

‎01-27-2016 05:29 AM

Re: SNMPv3 Authentication AES-128 highest level?

On tcp or the rest of IP traffic is AES-256 crypto is seen as minimal, some wanna have 384 or 512. SNMP is wayyyy behind sadly. But some is better then non.

If it's hardware or software - both, switches normaly has not the world best CPU for doing crypto. software is a problem to, the worst is a badly compiled crypto-code. you think you are secure but your not. AES-256 is great done correct, if the randomize the prime's and not follow a list =)

Didn't Juniper and Cisco have that problem? Can't remember if that was a case.

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.