[j-nsp] decrypting BGP session keys on JUNOS

Joe Abley jabley at isc.org
Wed Apr 28 12:39:48 EDT 2004


On 28 Apr 2004, at 12:32, Sean Donelan wrote:

> On Wed, 28 Apr 2004, Joe Abley wrote:
>> Does anybody happen to know how to extract plain text passwords for
>> individual BGP sessions from a running Juniper M-series router?
>
> Equality verification doesn't depend on where you start.  You can start
> from either the database side, hash the password and compare to the
> router configuration; or you can start from the router, de-hash the
> password and compare to the database.
>
> I think you will find it easier to start with what you know in the
> database.

That would solve some of my problems (if I knew what hash Juniper were 
using: what does the $9$ token signify in the hash?).

However, it won't help me if I can see that the session key applied to 
the router is working, and want to store that working key in the 
database without arranging to change it.

The plain text for the MD5 session key needs to be known by the router 
in order to calculate the MD5 across the concatenation of that key with 
the packet gubbins, so it doesn't seem unreasonable to suppose that 
there might be some way of retrieving it.


Joe



More information about the juniper-nsp mailing list