MIB Discovery
1930 registered modules
Path
MIX : 1 (iso). 3 (org). 6 (dod). 1 (internet). 3 (experimental). 101 (snmpUsmDHObjectsMIB). 1 (usmDHKeyObjects). 2 (usmDHKickstartGroup). 1 (usmDHKickstartTable). 1 (usmDHKickstartEntry). 3 (usmDHKickstartMgrPublic)
OID : 1.3.6.1.3.101.1.2.1.1.3
TXT : iso. org. dod. internet. experimental. snmpUsmDHObjectsMIB. usmDHKeyObjects. usmDHKickstartGroup. usmDHKickstartTable. usmDHKickstartEntry. usmDHKickstartMgrPublic
Children
No children available for this OID
Details
OID: 1.3.6.1.3.101.1.2.1.1.3
Module: SNMP-USM-DH-OBJECTS-MIB (ietf)
Name: usmDHKickstartMgrPublic
Access: readonly
Status: current
Description: The manager's Diffie-Hellman public value for this row. Note that this value is not set via the SNMP agent, but may be set via some out of band method, such as the device's configuration file.

The manager calculates this value in the same manner and using the same parameter set as the agent does. E.g. it selects a random number 'r', calculates y = g^r mod p and provides 'y' as the public number expressed as an OCTET STRING. See usmDHKickstartMyPublic for details.

When this object is set with a valid value during initialization, a row is created in the usmUserTable with the following values:

    usmUserEngineID           localEngineID
    usmUserName               [value of usmDHKickstartSecurityName]
    usmUserSecurityName       [value of usmDHKickstartSecurityName]
    usmUserCloneFrom          ZeroDotZero
    usmUserAuthProtocol       usmHMACMD5AuthProtocol
    usmUserAuthKeyChange      -- derived from set value
    usmUserOwnAuthKeyChange   -- derived from set value
    usmUserPrivProtocol       usmDESPrivProtocol
    usmUserPrivKeyChange      -- derived from set value
    usmUserOwnPrivKeyChange   -- derived from set value
    usmUserPublic             ''
    usmUserStorageType        permanent
    usmUserStatus             active

A shared secret 'sk' is calculated at the agent as sk = mgrPublic^r mod p, where r is the agent's random number and p is the DH prime from the common parameters.

The underlying privacy key for this row is derived from sk by applying the key derivation function PBKDF2 defined in PKCS#5v2.0 with a salt of 0xd1310ba6, an iterationCount of 500, a keyLength of 16 (for usmDESPrivProtocol), and a prf (pseudo random function) of 'id-hmacWithSHA1'.

The underlying authentication key for this row is derived from sk by applying the key derivation function PBKDF2 with a salt of 0x98dfb5ac, an iteration count of 500, a keyLength of 16 (for usmHMACMD5AuthProtocol), and a prf of 'id-hmacWithSHA1'.

Note: The salts are the first two words in the ks0 [key schedule 0] of the BLOWFISH cipher from 'Applied Cryptography' by Bruce Schneier - they could be any relatively random string of bits.

The manager can use its knowledge of its own random number and the agent's public value to kickstart its access to the agent in a secure manner. Note that the security of this approach is directly related to the strength of the authorization security of the out of band provisioning of the manager's public value (e.g. the configuration file), but is not dependent at all on the strength of the confidentiality of the out of band provisioning data.
Syntax: OctetString
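
The key derivation in the description above, carried through on both sides as an added example (not part of the MIB module or of this site). Assumptions: the toy prime `P` and generator `G` are constructed stand-ins for the common DH parameters, `sk` is encoded big-endian and padded to the byte length of p, the range check on the peer's public value is an added safeguard, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy DH parameters, for illustration only: far too small for
# real use and NOT the parameter set an agent would publish.
P = 2**127 - 1
G = 3

# Salts and PBKDF2 settings exactly as given in the object description.
PRIV_SALT = bytes.fromhex("d1310ba6")
AUTH_SALT = bytes.fromhex("98dfb5ac")
ITERATIONS = 500
KEY_LEN = 16


def to_octets(value: int) -> bytes:
    """Assumed encoding: big-endian, left-padded to the byte length of p."""
    return value.to_bytes((P.bit_length() + 7) // 8, "big")


def dh_public(r: int) -> int:
    """y = g^r mod p, the value provisioned as usmDHKickstartMgrPublic."""
    return pow(G, r, P)


def shared_secret(peer_public: int, r: int) -> int:
    """sk = peerPublic^r mod p; degenerate peer values are refused (added check)."""
    if not 1 < peer_public < P - 1:
        raise ValueError("peer public value out of range")
    return pow(peer_public, r, P)


def kickstart_keys(sk: int) -> dict:
    """Derive the 16-byte privacy and authentication keys from sk."""
    octets = to_octets(sk)
    return {
        "priv": hashlib.pbkdf2_hmac("sha1", octets, PRIV_SALT, ITERATIONS, KEY_LEN),
        "auth": hashlib.pbkdf2_hmac("sha1", octets, AUTH_SALT, ITERATIONS, KEY_LEN),
    }


def demo():
    """Agent and manager each pick a random r and derive keys independently."""
    agent_r = secrets.randbelow(P - 3) + 2
    mgr_r = secrets.randbelow(P - 3) + 2
    agent_keys = kickstart_keys(shared_secret(dh_public(mgr_r), agent_r))
    mgr_keys = kickstart_keys(shared_secret(dh_public(agent_r), mgr_r))
    return agent_keys, mgr_keys
```

Both sides arrive at the same two keys without the random numbers or the keys ever crossing the provisioning channel, which is why the description asks only for integrity, not confidentiality, of the out of band data.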