Re: [PEN-TEST] Router Password Recovery

[Randy Williams <randyw () SHORE NET>]

On Wed, 31 Jan 2001, Robert van der Meulen wrote:

> Hi,
>
> Quoting Randy Williams (randyw () SHORE NET):
> > Be careful about what's called "encrypted" here. Cisco's normal encryption
> > (referred to as "Cisco 7", for it's ridiculous 7-bit hash) is easily
> > cracked. Using an MD5-based hash (referred to as "enable secret"
> > passwords), the encryption is uncrackable. As mentioned before, you'll
> > have to reset the password.
>
> Be careful with using terms like 'uncrackable'.
> MD5-based hashes are currently mostly uncrackable in a
> mathematically-infeasable kind of way, but are very much not so when using
> attacks like dictionary-based ones.
> I have successfully used dictionary attacks against md5 hashes in the past,
> and probably will in the future.

An excellent point, and my apologies for not being more clear. What I
meant to indicate is that there's no known tool that will "recover" the
original password from the hashed version, unlike ciscocrack for Cisco 7
passwords. Most definitely, dictionary attacks will work against this
type of hash, simply because most people use lousy passwords :) With a
lengthy, mixed-character set password, using MD5 (or a similarly long
encryption cipher), you're going to have a VERY hard time cracking such a
password.

RW