[j-nsp] Decode $9$ encrypted Junos secrets
Matt Hite
lists at beatmixed.com
Tue Mar 20 17:15:25 EDT 2012
On Tue, Mar 20, 2012 at 10:54 AM, Phil Shafer <phil at juniper.net> wrote:
> Matt Hite writes:
>>It's interesting to note just how many things are stored in $9$
>>encrypted format: RADIUS secrets, IS-IS authentication keys, BGP MD5
>>secrets, etc.
>
> It's really obfuscation, not encryption. These are values that
> have to be available in raw form to various software components.
> So we have this "unreadable" type that obfuscates the values so
> someone looking over your shoulder won't immediately know your
> secrets.
>
> In contrast, user passwords are encrypted in a "one way" method
> using the normal md5 hash marker ("$1$"). These cannot be
> reversed like the $9$ values.
Absolutely. Your clarification is appreciated.
-M
More information about the juniper-nsp
mailing list