test

Solaris System Management Agent Administration Guide

Authentication Protocol Algorithms

In USM as implemented by the System Management Agent, two authentication protocols are supported. These authentication protocols are described in the following list.

HMAC-MD5–96

In the System Management Agent, the Message Digest implementation is HMAC-MD5–96. Based on MD5, this one-way encryption uses a 96–bit hash a 16 octet key length. Computationally, no two messages can have the same message digest. Also you cannot produce a message from a given prespecified target message digest. The MD5 algorithm is designed for digital signature applications. In these applications, large files must be securely compressed before being encrypted with a private key under a public-key cryptosystem. The HMAC-MD5–96 algorithm can be used with 32-bit machines. No large substitution tables are required. The algorithm can be coded quite compactly. For more information on MD5, see RFC 1321 at http://www.ietf.org/rfc/rfc1321.txt.

HMAC-SHA–96

In the System Management Agent, the Secure Hash Algorithm (SHA) implementation is HMAC-SHA–96. This one-way encryption uses a 96–bit hash and a 20–octet key length. The algorithm takes as input a message of less than 264 bits in length. The input message is processed in 512–bit blocks. The algorithm produces a 160-bit message digest output. This message digest can then, for example, be used as an input to a signature algorithm, which generates or verifies the signature for the message. The message digest is signed, instead of the message itself, which improves efficiency because the message digest is smaller than the original message. If the creator of a digital signature uses SHA, then the verifier of the digital signature clearly must also use SHA. If the message is changed during transit, this change almost always changes the message digest, so the digital signature fails to verify. SHA is secure because computationally no two messages can have the same message digest. You also cannot produce a message from a given prespecified target message digest. The design of SHA is similar to the MD5 family of hash functions. For more information on SHA, see RFC 3174 at http://www.ietf.org/rfc/rfc3174.txt.

For the System Management Agent, the default authentication protocol is HMAC-MD5–96. Setting is auth proto = MD5.