SNMPv3 introduces advanced security model - USM (User-based security model) - which contains a list of users and their attributes. The USM is described by RFC 2574.

Each user has a name (called a securityName), an authentication type (authProtocol) and a privacy type (privProtocol) as well as associated keys for each of these (authKey and privKey).

Authentication is performed using the user's authKey to sign the message being sent. The authProtocol can be either MD5 or SHA at this time. authKeys (and privKeys) are generated from a passphrase that must be at least 8 characters in length.

Encryption is performed using the user's privKey to encrypt the data portion the message being sent. The privProtocol can be either AES or DES.

Messages can be sent unauthenticated, authenticated, or authenticated and encrypted by setting the securityLevel to use.

Using SHA-256 for authentication is supported and recommended for enhancing security. SHA-256 offers stronger cryptographic properties compared to its predecessor, SHA.