[21320] in bugtraq
Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
daemon@ATHENA.MIT.EDU (Carson Gaspar)
Tue Jul 3 13:48:40 2001
Date: Mon, 02 Jul 2001 15:35:40 -0700
From: Carson Gaspar <carson@taltos.org>
To: Eric Vyncke <evyncke@cisco.com>, bugtraq@securityfocus.com
Message-ID: <780218281.994088140@athyra>
In-Reply-To: <4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com>
--On Friday, June 29, 2001 10:00 AM +0200 Eric Vyncke <evyncke@cisco.com> wrote:
> As you probably know, for some passwords (used notably for SNMP, CHAP,
> PAP, IKE, ...) there is a protocol need to get those passwords in the
> clear. Hence, the obfuscation mechanism will always be reversible. Even
> using 3DES will require a hard coded key hidden somewhere in the IOS
> code (and a 'simple' reverse engineering will expose this key).
>
> Of course, suggestions are welcome.

For CHAP, do you actually need the password in the clear, or do you need
the password+realm hash? The latter is far less dangerous.
--
Carson
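
Added example, not part of the original messages and not Cisco's code: the storage question raised in this thread, shown by computing a CHAP response as defined in RFC 1994 next to an HTTP Digest response as defined in RFC 2617 (the well-known scheme that uses a user:realm:password hash, brought in here as an assumption for comparison). The user name, realm and password are constructed sample values.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    # RFC 1994: Response = MD5(Identifier || secret || Challenge)
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def chap_verify(stored: bytes, identifier: int, challenge: bytes, response: bytes) -> bool:
    # The authenticator recomputes the hash, so `stored` must be the secret itself.
    return hmac.compare_digest(chap_response(identifier, stored, challenge), response)


def md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_ha1(user: str, realm: str, password: str) -> str:
    # RFC 2617: HA1 = MD5(user:realm:password); this is all the server stores.
    return md5_hex(f"{user}:{realm}:{password}")


def digest_response(ha1: str, nonce: str, method: str, uri: str) -> str:
    # RFC 2617 without qop: MD5(HA1:nonce:MD5(method:uri))
    return md5_hex(f"{ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")


def demo() -> dict:
    # Constructed sample values, not taken from any real device.
    user, realm, password = "admin", "router.example", "s3cret-Example"
    ident, challenge = 7, os.urandom(16)
    peer_resp = chap_response(ident, password.encode(), challenge)

    nonce = os.urandom(8).hex()
    client_resp = digest_response(digest_ha1(user, realm, password), nonce, "GET", "/")
    stored_ha1 = digest_ha1(user, realm, password)  # server never keeps the password

    return {
        "chap_with_cleartext": chap_verify(password.encode(), ident, challenge, peer_resp),
        "chap_with_hash_only": chap_verify(hashlib.md5(password.encode()).digest(), ident, challenge, peer_resp),
        "digest_with_ha1_only": hmac.compare_digest(digest_response(stored_ha1, nonce, "GET", "/"), client_resp),
    }


if __name__ == "__main__":
    print(demo())
```

A stored HA1 still lets its holder authenticate within that one realm, so it needs the same file protection as a password even though it does not reveal the password for use elsewhere.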