Re: [j-nsp] Decode $9$ encrypted Junos secrets
Matt Hite writes: It's interesting to note just how many things are stored in $9$ encrypted format: RADIUS secrets, IS-IS authentication keys, BGP MD5 secrets, etc. It's really obfuscation, not encryption. These are values that have to be available in raw form to various software components. So we have this unreadable type that obfuscates the values so someone looking over your shoulder won't immediately know your secrets. In contrast, user passwords are encrypted in a one way method using the normal md5 hash marker ($1$). These cannot be reversed like the $9$ values. Thanks, Phil ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Decode $9$ encrypted Junos secrets
On Tue, Mar 20, 2012 at 10:54 AM, Phil Shafer p...@juniper.net wrote: Matt Hite writes: It's interesting to note just how many things are stored in $9$ encrypted format: RADIUS secrets, IS-IS authentication keys, BGP MD5 secrets, etc. It's really obfuscation, not encryption. These are values that have to be available in raw form to various software components. So we have this unreadable type that obfuscates the values so someone looking over your shoulder won't immediately know your secrets. In contrast, user passwords are encrypted in a one way method using the normal md5 hash marker ($1$). These cannot be reversed like the $9$ values. Absolutely. Your clarification is appreciated. -M ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Decode $9$ encrypted Junos secrets
For one-way hash: http://www.openwall.com/john/ Matt Hite [li...@beatmixed.com] wrote: On Tue, Mar 20, 2012 at 10:54 AM, Phil Shafer p...@juniper.net wrote: Matt Hite writes: It's interesting to note just how many things are stored in $9$ encrypted format: RADIUS secrets, IS-IS authentication keys, BGP MD5 secrets, etc. It's really obfuscation, not encryption. ?These are values that have to be available in raw form to various software components. So we have this unreadable type that obfuscates the values so someone looking over your shoulder won't immediately know your secrets. In contrast, user passwords are encrypted in a one way method using the normal md5 hash marker ($1$). ? These cannot be reversed like the $9$ values. Absolutely. Your clarification is appreciated. -M ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp -- The language of the totalist environment is characterized by the thought-terminating cliche. The most far-reaching and complex of human problems are compressed into brief, highly reductive, definitive-sounding phrases, easily memorized and easily expressed. These become the start and finish of any ideological analysis. - Robert Jay Lifton ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
[j-nsp] Decode $9$ encrypted Junos secrets
Greetings, Threw this together a few days ago to recover $9$ encrypted Junos passwords (RADIUS secrets, BGP MD5's, etc.). It is ported from this Perl library: http://cpansearch.perl.org/src/KBRINT/Crypt-Juniper-0.02/lib/Crypt/Juniper.pm to a Python 2.7 script: https://github.com/mhite/junosdecode Remember to escape your $'s on the CLI when launching the script: $ ./junosdecode.py \$9\$U-iqf36A1cSTzRSreXxDik.Tzn/CuBI junos password decrypter python version by matt hite original perl version by kevin brintnall encrypted version: $9$U-iqf36A1cSTzRSreXxDik.Tzn/CuBI decrypted version: juiper123 Thanks, -M ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
Re: [j-nsp] Decode $9$ encrypted Junos secrets
Thanks Matt, This is a good tool. Best regards, --- David On Mon, Mar 19, 2012 at 4:23 PM, Matt Hite li...@beatmixed.com wrote: Greetings, Threw this together a few days ago to recover $9$ encrypted Junos passwords (RADIUS secrets, BGP MD5's, etc.). It is ported from this Perl library: http://cpansearch.perl.org/src/KBRINT/Crypt-Juniper-0.02/lib/Crypt/Juniper.pm to a Python 2.7 script: https://github.com/mhite/junosdecode Remember to escape your $'s on the CLI when launching the script: $ ./junosdecode.py \$9\$U-iqf36A1cSTzRSreXxDik.Tzn/CuBI junos password decrypter python version by matt hite original perl version by kevin brintnall encrypted version: $9$U-iqf36A1cSTzRSreXxDik.Tzn/CuBI decrypted version: juiper123 Thanks, -M ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp ___ juniper-nsp mailing list juniper-nsp@puck.nether.net https://puck.nether.net/mailman/listinfo/juniper-nsp
