[cisco-voip] DRS Backup Decrypter Workaround - Need Input
bmeade90 at vt.edu
Tue Sep 26 10:42:51 EDT 2017
I'd probably use it less. Right now, I use it for almost every project to
verify cluster security passwords.
I'd probably have to make this more of a last resort in that case and make
sure to get sign-off from the customer.
On Tue, Sep 26, 2017 at 10:38 AM, Pete Brown <jpb at chykn.com> wrote:
> I could use some public input regarding the next release of the DRS Backup
> Decrypter. In a nutshell, the application will have to be online in order
> to decrypt backup sets from newer UCOS versions.
> Last year Cisco started patching DRS with a new algorithm (
> PBEWithHmacSHA1AndDESede) to encrypt the random backup passwords. I
> haven't been able to find a .NET implementation of this algorithm. The
> only workaround I've come up with is to have the DRS Backup Decrypter make
> a call to a Java webservice that can perform the decryption.
> The problems with this approach are pretty obvious. Aside from having to
> be online, the encrypted cluster security password and 'EncryptKey' from a
> backup set will need to be submitted to a web service that I've written for
> decryption. I can publish a public copy of this webservice, but for those
> behind corporate proxies (myself included), the code could be made
> available to run the service within their own networks. In that case the
> DRS Backup Decrypter would be pointed to the internal copy of the
> I personally detest utilities that can't operate offline, but it's the
> only workaround I can come up with at this point. So my question is this -
> would anyone actually use it given the webservice dependency?
> cisco-voip mailing list
> cisco-voip at puck.nether.net
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cisco-voip