Hi
The "enable secret", and that you see it on the config, is only a MD-5
hash of the original password. In other words, the router does not
stores
the password in the config, it only stores a "signature" of it. So,
there
is no way of "decrypt" it, as it is NOT encrypted (a hash function is
not
encryption). Of course that it is not 100% secure, you can try find
another
text that can produce the same exact signature, but using brut force,
requires
about 2power64 computations. Or maybe using one of the new mathematical
vulnerabilities of md-5 could be easier. I donīt know how close they are
to break it, but
md5 is still secure for usual comercial applications (I am not
cryptographer :-)
That is VERY different of type 5, as they are very simple encrypted (a
XOR, plus
a rotation I believe)
If u want more info on md5 and other cryptographic topics, check
www.counterpane.com
Regards
Gareth Hinton wrote:
>
> Has anybody actually managed to decrypt an enable password yet?
>
> I know the level 7 passwords are easily decrypted, but I've not seen the
> level 5 passwords decrypted yet.
>
> I realise, that depending on your organisation, you can never play too safe.
> I should think if anyone has cracked it, someone in this group will know
> about it - Anybody? Is it possible to crack it?
>
> Gareth
>
> ""Hans Stout"" <[EMAIL PROTECTED]> wrote in message
> [EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> > Hello colleagues,
> >
> > do you know if there is a way to make the line 'enable secret 5
> > $1$vwIl$YEZxTVGPapUUVCD.c54Ya' invisible when doing a 'sh run' in user
> mode
> > ? The problem is that I want to allow RO access and also allow to execute
> > the 'sh run' command, but that with a password decryptor, one could eaily
> > decrypt the enable password.
> > Thanks for your help in advance.
> >
> > Regards,
> >
> > Hans
> > _________________________________________________________________________
> > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
> >
>
> _________________________________
> FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
--
---
Javier Contreras Albesa
Professional Trainer
PRO IN Training S.L.
PROfessional Information Networks
World Trade Center, Moll de Barcelona S/N
Edif Sur, Planta 4
Phone: (+34) 93-5088850 E-mail:
[EMAIL PROTECTED]
Fax: (+34) 93-5088860 Internet: http://www.proin.com
SHAPING THE FUTURE - BE PART OF IT!
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
