CVSROOT: /cvs
Module name: src
Changes by: [email protected] 2021/08/08 07:41:26
Modified files:
usr.sbin/snmpd : snmpd.conf.5 snmpd.h
usr.bin/snmp : snmp.1 snmpc.c
Log message:
Switch default snmpd and snmp auth back to hmac-sha1.
Practical experience on several machines after updates suggests the snmp
world isn't really ready for hmac-sha2-256, and the HMAC construction doesn't
require collision resistance (which is the weakness of MD5/SHA1; see e.g.
"New proofs for NMAC and HMAC: Security without collision-resistance",
Bellare 2014).
Feedback from martijn@ (who would prefer to keep using the sha2 hmac),
deraadt@, tb@.
