The reason I asked was to see if other people's impression was the same as
mine. I've got the tools for the level 7 passwords, but was under the
impression that the enable secret was almost impossible.
I do some work for a fairly large company that had some penetration testing
done this week by a government agency.
One of the "hackers" told me that depending on the length and complexity of
the password he could crack the enable password from the MD5 hash pretty
quickly.
The passwords we normally use for enable secrets are over 8 character random
alphanumeric strings, so it was taking some time.
Not believing him entirely, I suggested that I simplify the password a
little to a dictionary word of 7 characters. I changed it to "kittens" and
it took his unix box around 5 seconds to go through the dictionary
performing MD5 hash on every word, then comparing the result with the real
hash.

I was quite surprised at how quick it was. Admittedly they need to see the
MD5 hash somehow, but I've never gone over the top to cover these up before
now.

We also (a little carelessly) got caught out with a few switches with "IP
HTTP SERVER" on as default, so the weakness with http allowed level 15
access to the switches. Oops.

Just thought I'd bring it up anyway. I think "no ip http server" and more
complex passwords are in order.


Regards,

Gareth

"John Neiberger" wrote in message news:[EMAIL PROTECTED]...
> The enable secret would not be an easy thing to crack.  The enable password,
> however, can be cracked easily with a number of utilities available for free
> on the internet.
>
> If you have hackers attacking your network who have the capability to crack
> the enable secret then you have much bigger problems.
>
> As I recall, the enable secret displayed when you do a show run is a one-way
> hash, so the original cannot be determined from the encrypted version.  I'll
> have to check into that.
>
> A good hacker would spend his time elsewhere.  Sitting at the login prompt
> trying to guess passwords for a few years probably isn't a wise way to spend
> one's time.  Hackers tend to go for the low-hanging fruit.
>
> Regards,
> John
>
> On Sun, 21 Oct 2001 09:13:35 -0400, Gareth Hinton wrote:
>
> |  Hi all,
> |
> |  I'm asking this as a matter of interest after something I saw this week:
> |  Given the following line of config:
> |
> |  enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90
> |
> |  What are the chances of cracking the enable secret?  (Without raising
> |  suspicion by having 40 million attempts on the box itself.)
> |  Let's say the password is an 8 character string of letters only, not
> |  necessarily a dictionary word.
> |
> |  What's everybody's view, could it be easily hacked or not?
> |
> |
> |  Thanks,
> |
> |  Gaz

Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=23696&t=23670
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
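
An added example, not part of the thread or written by its participants: a small Python audit that flags the settings this thread discusses in a saved IOS configuration (the reversible `enable password` and type 7 strings, an MD5 `enable secret` whose hash is readable, and `ip http server`). The rule names, severities, the `http-server-unstated` check and the sample config are assumptions made for illustration; only the `enable secret` line comes from the thread.

```python
import re

# (rule id, severity, pattern matched against each stripped config line, advice)
RULES = [
    ("enable-password", "high", re.compile(r"^enable password\b"),
     "replace with 'enable secret'; free utilities recover 'enable password'"),
    ("type7-password", "high", re.compile(r"\bpassword 7 \S+"),
     "type 7 is reversible obfuscation; treat the password as exposed"),
    ("md5-enable-secret", "medium", re.compile(r"^enable secret 5 \$1\$"),
     "MD5 hash can be dictionary-tested offline once seen; use a long random "
     "secret and restrict who can read this config"),
    ("http-server-on", "high", re.compile(r"^ip http server\b"),
     "configure 'no ip http server'"),
]

def audit(config):
    """Return (line_no, rule_id, severity, advice) for each weak setting found."""
    lines = [raw.strip() for raw in config.splitlines()]
    findings = [(no, rid, sev, advice)
                for no, line in enumerate(lines, 1)
                for rid, sev, pattern, advice in RULES
                if pattern.search(line)]
    # Assumption: if the config states neither form, the platform default may
    # leave the HTTP server on, so ask for a manual check (line number 0).
    if not any(re.match(r"(no )?ip http server\b", line) for line in lines):
        findings.append((0, "http-server-unstated", "medium",
                         "state 'no ip http server' explicitly"))
    return findings

# Constructed sample; only the 'enable secret' line is taken from the thread.
SAMPLE_CONFIG = """hostname sw-example
enable secret 5 $1$32Pc$uq7Tr7gq4v22PqEG4WFF90
enable password 7 CONSTRUCTED-VALUE
ip http server
line vty 0 4
 password 7 CONSTRUCTED-VALUE
"""

if __name__ == "__main__":
    for no, rid, sev, advice in audit(SAMPLE_CONFIG):
        print(f"line {no}: [{sev}] {rid}: {advice}")
```

The audit cannot judge how strong an `enable secret` is from its hash, so the `md5-enable-secret` finding is a prompt to check password policy and config exposure rather than a verdict.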
