This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

What does 'password is a key' mean?

I recently set snmp configuration and encounter a problem.When I uncheck 'password is a key',the result will be test successful.Otherwise,it will be test failed.Could someone please tell me what does 'password is a key' mean?

  • I don't see that anyone answered your question yet. This is my understanding. Someone can further clarify or correct me where I'm wrong. 

    Simple answer/Generalization: Different devices read in different formats. It is similar to video file encoding. Some files are supported naturally on Windows Media Player (like MP4s). To play other files on Windows Media Player. (like MKVs) you need to download CODECs for the files to work. The same concept applies to the devices running SNMPv3.

     SNMPv3 keys are usually written in ASCII. A majority of machines you run across will handle information written in ASCII. For different reasons (cheap manufacturer or type encryption used), some machines won't process ASCII the way you want. The machines that don't use ASCII keys, encrypt data differently into "Blocks". Depending on the equipment you are using and the mode of encryption the device runs, you may need to click the "Password is a key" check box to create a unique key for the local device. Because of the encryption mode or because of the manufacture's decision, ASCII might not work.

    An example: some people might say "Use AES-128" when encrypting data. AES-128 is a broad term. There are 5 modes/versions of AES-128. They are ECB, CBC, CFB, OFB, & CTR. On some equipment, you might see something like CFB-AES-128 listed when you are choosing an encryption type. CFB is fairly common and is only compatible with CFB. For CFB, you would simply use a password in SolarWinds for it to work. On the other hand, if your equipment supported OFB-AES-128, you would need to click "Password is a key" for it to work. The encryption mode works differently, and ASCII strings don't necessarily work for OFB.

    Does that make sense?  

  • I somehow missed this. Thanks for the explanation @Fred.Loucks I wasn't super clear myself and learned a bit too. From the SolarWinds perspective, we don't really have a recommendation on how to configure the SNMP v3 authentication, we just try to support what our customers are running. 

    As a side note, I'll link a Success Center knowledge base article as well, as it gives our recommendations across the platform for secure configurations. This isn't specifically cited in the article, but there are other recommendations you might find useful. 

    Secure Configurations for the SolarWinds Platform