Forum Discussion

Cole_McDonald's avatar
Cole_McDonald
Icon for Professor rankProfessor
2 years ago
Solved

SNMPv3 Password Character Set Restrictions?

I’m working on adding a hundred or so Long Strong SNMPv3 passwords into a class of device we’re going to start monitoring.  I’m can walk the snmp locally, from a linux neighbor, but not from LM.  I’m...
linux
password
snmp
  • kendall's avatar
    kendall
    2 years ago

    Hi @Stuart Weenig !

    Perhaps I’m misunderstanding the question, but everyone from Oracle to Cisco to IBM advises that a a privacy password  “must contain exactly 8 characters in length and include any combination of alphanumeric characters (uppercase letters, lowercase letters, and numbers)”. Actually, it may just be Oracle that says “exactly” 8 because IBM and others indicate 8-32. it is my understanding that the length is determined by the level of the encryption algo used, so AES would require less characters than AES128 or 256, etc. 

     https://docs.oracle.com/cd/E37444_01/html/E37449/gpqnr.html

    I can’t say if this information is outdated or not. The current RFC standard is here: https://www.rfc-editor.org/rfc/rfc3411 I have not had time to comb through this for info, though.

Cole_McDonald's avatar
Cole_McDonald
Icon for Professor rankProfessor
12 months ago

the length is determined by the level of the encryption algo used

That may be the key. Cole, what’s the encryption depth you’re telling LM to use?

AES… which seems to default it to AES128 when I perform the SNMP diagnose from a debug.  LM support was able to get special characters to work by pre-escaping them when creating them on the Linux device… but I’m able to use the existing password from other linux devices, so I don't think that’s a workable solution that I’m going to pursue.  Espacially since we have a need to deploy SNMP accounts at scale.  I’ve also pulled LM’s java our of the troubleshooting mix by calling the SNMP tools they use directly from Windows and that also fails.  Mathematically, I want to keep the length and character set as big as possible to make it harder to crack… even if it’s only read only.