Password-to-Key Conversion

There are two distinct passwords in SNMPv3. The authentication password is manipulated using the HMAC-SHA-96 algorithm to produce a key used to authenticate the trap. Authentication ensures the identity of the user and that the trap has not been tampered with in transit. Likewise, the privacy password is manipulated using the CBC-DES algorithm to ensure message privacy.

One user is associated by a name, an authentication password and a privacy password. These three parameters are always consistent for the user and can be used across multiple SBCs. The key generation differs from one SBC to another due to the varying SNMPEngineIDs. This ensures that a compromised key for one SBC does not compromise the keys for other SBCs associated with the same user.

Previous
Previous 		Next
Next
Go To Table Of Contents
Contents