Re: [lwip-users] SNMPv3 ready for production?

[Jan Dospěl]

Hi Dirk,

 

Thank you for a comment.

I was surprised at one thing at SNMPv3 specification. How are calculated keys from password at SNMPv3 (appendix A2 of RFC3414). That algorithm requires extensive computing resources (16k x calculating hash SHA1 or MD5) and my poor Corte-M4@80MHz is not happy from that. Does anyone know some less computing time expensive way how calculate key. For my Cortex-M4@80Hz it takes calculating 7 sec with SHA1 hardware acceleration and 9 sec with software SHA1.

Implementation of that algorithm at RFC3414 (same at newer RFC7630) not make me sense. It requires many CPU cycles and significantly decrease security. How such thing can be at RFC?

 

Jan

 

From: Dirk Ziegelmeier <dziegel@gmail.com>
Sent: Sunday, January 9, 2022 9:47 AM
To: Mailing list for lwIP users <lwip-users@nongnu.org>
Cc: Jan Dospěl <JanDospel@cometsystem.cz>
Subject: Re: [lwip-users] SNMPv3 ready for production?

 

SNMPv3 is working fine, you can use it in products

 

On Tue, Jan 4, 2022 at 4:20 PM Jan Dospěl via lwip-users <lwip-users@nongnu.org> wrote:

Hi all,

 

I have ported SNMPv1+v2c from IwIP to embedded stack at WiFi SoC CC3220. Its works like a charm. But now I considering add support for SNMPv3.

 

I found at file snmp_opts.h note that SNMPv3 is experimental and under development. It is recommended to use SNMPv3 at production code or not?

 

I know that I will need to implement own functions like a snmpv3_auth(), snmpv3_crypt(), etc. I will use hardware acceleration inside CC3220 instead mbedtls code.

 

Thanks,

 

Jan

_______________________________________________
lwip-users mailing list
lwip-users@nongnu.org
https://lists.nongnu.org/mailman/listinfo/lwip-users