[j-nsp] decrypting BGP session keys on JUNOS

[Peter Mills]

"Show protocol bgp | display set" 

Shows the unencrypted MD5 password.

Peter

> -----Original Message-----
> From: juniper-nsp-bounces at puck.nether.net [mailto:juniper-nsp-
> bounces at puck.nether.net] On Behalf Of Joe Abley
> Sent: 28 April 2004 17:40
> To: Sean Donelan
> Cc: juniper-nsp at puck.nether.net
> Subject: Re: [j-nsp] decrypting BGP session keys on JUNOS
> 
> 
> On 28 Apr 2004, at 12:32, Sean Donelan wrote:
> 
> > On Wed, 28 Apr 2004, Joe Abley wrote:
> >> Does anybody happen to know how to extract plain text passwords for
> >> individual BGP sessions from a running Juniper M-series router?
> >
> > Equality verification doesn't depend on where you start.  You can start
> > from either the database side, hash the password and compare to the
> > router configuration; or you can start from the router, de-hash the
> > password and compare to the database.
> >
> > I think you will find it easier to start with what you know in the
> > database.
> 
> That would solve some of my problems (if I knew what hash Juniper were
> using: what does the $9$ token signify in the hash?).
> 
> However, it won't help me if I can see that the session key applied to
> the router is working, and want to store that working key in the
> database without arranging to change it.
> 
> The plain text for the MD5 session key needs to be known by the router
> in order to calculate the MD5 across the concatenation of that key with
> the packet gubbins, so it doesn't seem unreasonable to suppose that
> there might be some way of retrieving it.
> 
> 
> Joe
> 
> _______________________________________________
> juniper-nsp mailing list juniper-nsp at puck.nether.net
> http://puck.nether.net/mailman/listinfo/juniper-nsp