[j-nsp] decrypting BGP session keys on JUNOS
Joe Abley
jabley at isc.org
Wed Apr 28 12:39:48 EDT 2004
On 28 Apr 2004, at 12:32, Sean Donelan wrote:
> On Wed, 28 Apr 2004, Joe Abley wrote:
>> Does anybody happen to know how to extract plain text passwords for
>> individual BGP sessions from a running Juniper M-series router?
>
> Equality verification doesn't depend on where you start. You can start
> from either the database side, hash the password and compare to the
> router configuration; or you can start from the router, de-hash the
> password and compare to the database.
>
> I think you will find it easier to start with what you know in the
> database.
That would solve some of my problems (if I knew what hash Juniper were
using: what does the $9$ token signify in the hash?).
However, it won't help me if I can see that the session key applied to
the router is working, and want to store that working key in the
database without arranging to change it.
The plain text for the MD5 session key needs to be known by the router
in order to calculate the MD5 across the concatenation of that key with
the packet gubbins, so it doesn't seem unreasonable to suppose that
there might be some way of retrieving it.
Joe
More information about the juniper-nsp
mailing list