nanog mailing list archives
Re: Cisco, haven't we learned anything? (technician reset)y
From: Martin Hannigan <hannigan () world std com>
Date: Thu, 12 Jan 2006 21:41:18 -0500 (EST)
On Thu, 2006-01-12 at 21:05:52 -0500, Steven M. Bellovin proclaimed...How much entropy is there in a such a serial number? Little enough that it can be brute-forced by someone who knows the pattern? Using some function of the serial number and a vendor-known secret key is better -- until, of course, that "secret" leaks. (Anyone remember how telephone credit card number verification worked before they could do full real-time validation? The Phone Company took a 10-digit phone number and calculated four extra digits, based on that year's secret. Guess how well that secret was kept....)Hi Steven, I believe the Netscreen default password of a serial number can only be entered over the console (and possibly modem/aux) port(s).
Yes. Sorry, I left that out. -M<
Current thread:
- Re: Cisco, haven't we learned anything? (technician reset), (continued)
- Re: Cisco, haven't we learned anything? (technician reset) Bill Nash (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) John Kinsella (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) Gary E. Miller (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) Jay Hennigan (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) william(at)elan.net (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) Jay Hennigan (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) william(at)elan.net (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset)y Martin Hannigan (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset)y Steven M. Bellovin (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset)y eric (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset)y Martin Hannigan (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset)y Steven M. Bellovin (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) Bill Nash (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) eric (Jan 12)
- Re: Cisco, haven't we learned anything? (technician reset) Martin Hannigan (Jan 12)