From: Carson Gaspar (carsontaltos.org)
Date: Mon Jul 02 2001 - 17:35:40 CDT

    --On Friday, June 29, 2001 10:00 AM +0200 Eric Vyncke <evynckecisco.com>
    wrote:

    > As you probably know, for some passwords (used notably for SNMP, CHAP,
    > PAP, IKE, ...) there is a protocol need to get those passwords in the
    > clear. Hence, the obfuscation mechanism will always be reversible. Even
    > using 3DES will require a hard coded key hidden somewhere in the IOS
    > code (and a 'simple' reverse engineering will expose this key).
    >
    > Of course, suggestions are welcome

    For CHAP, do you actually need the password in the clear, or do you need
    the password+realm hash? The latter is far less dangerous.

    -- 
    Carson
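
The trade-off raised in this exchange, as an added example that is not part of the original message or of any IOS code: the RFC 1994 CHAP response is MD5(Identifier || secret || Challenge), so the authenticator must hold whatever value the peer feeds in as the secret. The `realm_hash` derivation, the sample password and the realm names are assumptions constructed for illustration; using a realm hash as the CHAP secret is hypothetical and only works if the peer derives it too.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def realm_hash(password: bytes, realm: bytes) -> bytes:
    """Hypothetical stored form (assumption, not defined by RFC 1994)."""
    return hashlib.md5(password + b":" + realm).digest()


def verify(identifier: int, stored_secret: bytes, challenge: bytes,
           response: bytes) -> bool:
    """Authenticator side: recompute the response from the stored secret."""
    expected = chap_response(identifier, stored_secret, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    password = b"constructed-sample-password"   # constructed sample value
    realm = b"isp-a.example"                    # constructed sample value
    ident, challenge = 7, os.urandom(16)

    # Standard peer: uses the password itself as the CHAP secret.
    std_resp = chap_response(ident, password, challenge)
    # Hypothetical peer: derives the realm hash and uses that as the secret.
    derived_resp = chap_response(ident, realm_hash(password, realm), challenge)

    stored = realm_hash(password, realm)
    return {
        # A cleartext store interoperates with an unmodified CHAP peer.
        "cleartext_store_accepts_standard_peer":
            verify(ident, password, challenge, std_resp),
        # A hash-only store cannot verify an unmodified peer's response.
        "hash_store_accepts_standard_peer":
            verify(ident, stored, challenge, std_resp),
        # It works only when both ends agree to use the hash as the secret,
        # which makes the stored hash password-equivalent inside this realm.
        "hash_store_accepts_deriving_peer":
            verify(ident, stored, challenge, derived_resp),
        # The stored value is useless for the same password in another realm.
        "hash_differs_across_realms":
            stored != realm_hash(password, b"isp-b.example"),
    }


if __name__ == "__main__":
    print(demo())
```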