On Oct 19, 2005, at 10:29 AM, Perry E. Metzger wrote:
> Via cryptome: http://evilscientists.de/blog/?page_id=343
>
> The Cisco VPN Client uses weak encryption to store user and group passwords in your local profile file. I coded a little tool to reveal the saved passwords from a given profile file.
>
> If this is true, it doesn't sound like Cisco used a particularly smart design for this.

No matter what their strategy for encrypting the on-disk passphrase, this simple trick will work:
"ltrace -i ./vpnclient connect ... 2>&1 | fgrep 805ac57" (or similar library call tracing technique on an OS besides Linux).
This used to be used by http://www.unix-ag.uni-kl.de/~massar/bin/cisco-decode but apparently they've switched to the evilscientists' method.

-wps
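
A defensive audit that follows from the point above, added here as an example (not code from the post or from Cisco): because a password the client can decrypt unattended is recoverable by anyone who can run the client, the useful check is which profiles store one at all. The key names (`enc_GroupPwd`, `enc_UserPassword`, `GroupPwd`, `UserPassword`, `SaveUserPassword`), the `!` read-only prefix and the sample profile are assumptions about the `.pcf` profile format, not taken from the page.

```python
from pathlib import Path

# Assumed .pcf key names for stored secrets (lower-cased for comparison).
SECRET_KEYS = {"enc_grouppwd", "enc_userpassword", "grouppwd", "userpassword"}

def audit_profile(text):
    """Return (line number, key, reason) for each risky setting in one profile.

    Secret values are never returned or printed, only their location.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        # Skip blanks, section headers, comments and lines without key=value.
        if not line or line[0] in "[;#" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        name = key.lstrip("!").lower()  # assumed: '!' marks a read-only key
        if name in SECRET_KEYS and value:
            findings.append((lineno, key, "stored secret"))
        elif name == "saveuserpassword" and value == "1":
            findings.append((lineno, key, "password saving enabled"))
    return findings

def audit_tree(root):
    """Audit every *.pcf file under root; returns {path: findings} for hits."""
    report = {}
    for path in sorted(Path(root).rglob("*.pcf")):
        found = audit_profile(path.read_text(errors="replace"))
        if found:
            report[str(path)] = found
    return report

# Constructed sample profile; host, group and password bytes are made up.
SAMPLE = "\n".join([
    "[main]",
    "Description=constructed sample",
    "Host=vpn.example.invalid",
    "GroupName=staff",
    "enc_GroupPwd=0011AABB",
    "SaveUserPassword=1",
    "UserPassword=",
    "enc_UserPassword=",
])

if __name__ == "__main__":
    for lineno, key, reason in audit_profile(SAMPLE):
        print(f"line {lineno}: {key}: {reason}")
```
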