Penetration Testing mailing list archives
Re: [PEN-TEST] Router Password Recovery
From: Robert van der Meulen <rvdm () CISTRON NL>
Date: Wed, 31 Jan 2001 02:19:07 +0100
Hi, Quoting Randy Williams (randyw () SHORE NET):
Be careful about what's called "encrypted" here. Cisco's normal encryption (referred to as "Cisco 7", for it's ridiculous 7-bit hash) is easily cracked. Using an MD5-based hash (referred to as "enable secret" passwords), the encryption is uncrackable. As mentioned before, you'll have to reset the password.
Be careful with using terms like 'uncrackable'. MD5-based hashes are currently mostly uncrackable in a mathematically-infeasable kind of way, but are very much not so when using attacks like dictionary-based ones. I have successfully used dictionary attacks against md5 hashes in the past, and probably will in the future. To take this even further, i tend to substitute terms like 'uncrackable' , 'unbreakable', and 'impossible to decode without the key' for terms like 'weak' or the like in descriptions of (often proprietary) crypto-implementations from commercial vendors, and it doesn't seem off in lots of the cases. Greets, Robert -- Linux Generation
Current thread:
- [PEN-TEST] Router Password Recovery Smith, Lonnie (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Bill Pennington (Jan 30)
- Re: [PEN-TEST] Router Password Recovery UID Zero (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Frank Keeney (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Greg (Jan 31)
- Re: [PEN-TEST] Router Password Recovery Frank Keeney (Jan 30)
- <Possible follow-ups>
- Re: [PEN-TEST] Router Password Recovery Justin Shaffer (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Randy Williams (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Robert van der Meulen (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Randy Williams (Jan 31)
- Re: [PEN-TEST] Router Password Recovery Randy Williams (Jan 30)
- Re: [PEN-TEST] Router Password Recovery Leif Sawyer (Jan 30)