[j-nsp] decrypting BGP session keys on JUNOS
Daniel Roesen
dr at cluenet.de
Wed Apr 28 16:25:22 EDT 2004
On Wed, Apr 28, 2004 at 12:32:25PM -0400, Sean Donelan wrote:
> On Wed, 28 Apr 2004, Joe Abley wrote:
> > Does anybody happen to know how to extract plain text passwords for
> > individual BGP sessions from a running Juniper M-series router?
>
> Equality verification doesn't depend on where you start. You can start
> from either the database side, hash the password and compare to the
> router configuration;
You can't. The hash "value" is not predictable from the input,
unlike Cisco "level 7 password". Some kind of random salt is being
used, so the result is always different.
> or you can start from the router, de-hash the
> password and compare to the database.
Problem is, that Juniper did not document the hashing algo so we have
to wait until the same happens as with the Cisco level 7 password
hashing.
Best regards,
Daniel
More information about the juniper-nsp
mailing list