Switch default snmpd and snmp auth back to hmac-sha1.
author sthen <sthen@openbsd.org>
Sun, 8 Aug 2021 13:41:26 +0000 (13:41 +0000)
committer sthen <sthen@openbsd.org>
Sun, 8 Aug 2021 13:41:26 +0000 (13:41 +0000)
commit 808130e6d34a3e15b8c9e58ac4fe8b7e7b7d8700
tree 227e35d2b1f4d52f4ebaa5d94ed5be2ca32c38ed
parent 3d3fc72f0c4391985e71bd76afc9bac4746d4313
Switch default snmpd and snmp auth back to hmac-sha1.

Practical experience on several machines after updates suggests the snmp
world isn't really ready for hmac-sha2-256, and the HMAC construction doesn't
require collision resistance (which is the weakness of MD5/SHA1; see e.g.
"New proofs for NMAC and HMAC: Security without collision-resistance",
Bellare 2014).

Feedback from martijn@ (who would prefer to keep using the sha2 hmac),
deraadt@, tb@.
usr.bin/snmp/snmp.1
usr.bin/snmp/snmpc.c
usr.sbin/snmpd/snmpd.conf.5
usr.sbin/snmpd/snmpd.h
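
The interoperability problem the commit message describes can be seen at the protocol level in the following added example, which is not code from this commit or from OpenBSD's snmpd. It implements the RFC 3414 password-to-key localization and the truncated HMAC of RFC 3414 (HMAC-SHA-96, 12 bytes) and RFC 7860 (HMAC-SHA-256 truncated to 24 bytes), then checks each sender/receiver pairing. Assumptions: the function names are hypothetical, and opaque byte strings stand in for the BER-encoded message around the authentication field.

```python
import hashlib
import hmac

# name -> (hashlib digest, truncated MAC length in bytes), per RFC 3414 / RFC 7860
PROTOCOLS = {"hmac-sha1": ("sha1", 12), "hmac-sha256": ("sha256", 24)}

def localized_key(password: bytes, engine_id: bytes, digest: str) -> bytes:
    """RFC 3414 A.2: hash 1 MiB of repeated password, then bind to the engine ID."""
    if not password:
        raise ValueError("password must not be empty")
    reps, rem = divmod(1048576, len(password))
    ku = hashlib.new(digest, password * reps + password[:rem]).digest()
    return hashlib.new(digest, ku + engine_id + ku).digest()

def auth_params(proto, password, engine_id, prefix, suffix) -> bytes:
    """MAC over the message with the auth field zeroed, truncated per protocol."""
    digest, mac_len = PROTOCOLS[proto]
    key = localized_key(password, engine_id, digest)
    whole = prefix + bytes(mac_len) + suffix
    return hmac.new(key, whole, digest).digest()[:mac_len]

def verify(proto, password, engine_id, prefix, received, suffix) -> str:
    """Receiver-side check using the receiver's own configured protocol."""
    _, mac_len = PROTOCOLS[proto]
    if len(received) != mac_len:
        return "authenticationError: wrong digest length"
    expected = auth_params(proto, password, engine_id, prefix, suffix)
    ok = hmac.compare_digest(expected, received)
    return "ok" if ok else "authenticationError: digest mismatch"

# Constructed sample values; password and engine ID are the RFC 3414 A.3 test inputs.
PASSWORD = b"maplesyrup"
ENGINE_ID = bytes.fromhex("000000000000000000000002")
PREFIX, SUFFIX = b"constructed-header", b"constructed-scoped-pdu"

def demo():
    """Return the verification outcome for every (sender, receiver) protocol pair."""
    results = {}
    for sender in PROTOCOLS:
        mac = auth_params(sender, PASSWORD, ENGINE_ID, PREFIX, SUFFIX)
        for receiver in PROTOCOLS:
            results[(sender, receiver)] = verify(
                receiver, PASSWORD, ENGINE_ID, PREFIX, mac, SUFFIX)
    return results

if __name__ == "__main__":
    for pair, outcome in demo().items():
        print(pair, outcome)
```

With the same password on both sides, only matching protocols authenticate; pinning the auth algorithm explicitly on both agent and manager avoids depending on either side's default.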