[j-nsp] Decode $9$ encrypted Junos secrets

Phil Shafer phil at juniper.net
Tue Mar 20 13:54:20 EDT 2012


Matt Hite writes:
>It's interesting to note just how many things are stored in $9$
>encrypted format: RADIUS secrets, IS-IS authentication keys, BGP MD5
>secrets, etc.

It's really obfuscation, not encryption.  These are values that
have to be available in raw form to various software components.
So we have this "unreadable" type that obfuscates the values so
someone looking over your shoulder won't immediately know your
secrets.

In contrast, user passwords are encrypted in a "one way" method
using the normal md5 hash marker ("$1$").   These cannot be
reversed like the $9$ values.

Thanks,
 Phil


More information about the juniper-nsp mailing list