ban weak cryptographic algorithms from SNMP configuration (!1586) · Merge requests · Sylva-projects / sylva-core · GitLab

Pierrick Seite requested to merge 937-ban-weak-cryptographic-algorithms-from-snmp-configuration into main Feb 05, 2024

What does this MR do and why?

Considering cryptography weaknesses, this MR prevent SNMP using MD5 and DES to provide authentication and privacy respectively.

Note: if possible, SHA-1 should also be removed. However, some SNMP implementation do not support SHA256 yet.

rationale

well-known MD5 vulnerabilities: https://en.wikipedia.org/wiki/MD5
recommendation for AES and SHA256: https://cyber.gouv.fr/sites/default/files/2021/03/anssi-guide-selection_crypto-1.0.pdf
DES has been withdrawn as a standard by the NIST: https://csrc.nist.gov/files/pubs/fips/46/final/docs/nbs.fips.46.pdf

Closes #937 (closed)

Edited Feb 05, 2024 by Pierrick Seite