RE: user <user> secret <password> and CHAP doubt

From: Scott Morris (swm@emanon.com)
Date: Mon Jul 25 2005 - 21:57:00 GMT-3

• Next message: Dillon Yang: "Re: lesson from failure"
• Previous message: Scott Morris: "RE: user <user> secret <password> and CHAP doubt"
• Maybe in reply to: Gustavo Novais: "user <user> secret <password> and CHAP doubt"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You can decode those with about 2 seconds of work. :) "username secret"
uses MD5 on the passwords.

Scott

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Arun
Arumuganainar
Sent: Sunday, July 24, 2005 1:07 PM
To: Gustavo Novais; lab
Subject: Re: user <user> secret <password> and CHAP doubt

Turn on " Service password-encryption "

What this actually does . Is it will encrypt it so that any one who have
access to running configuration will not be able to make out .

This will work with PPP perfectly fine .

Thanks and Regards
Arun
----- Original Message -----
From: "Gustavo Novais" <gustavo.novais@novabase.pt>
To: "lab" <ccielab@groupstudy.com>
Sent: Sunday, July 24, 2005 10:01 PM
Subject: user <user> secret <password> and CHAP doubt

> Hello
>
> I'm doing a lab on which the requirement is that we use CHAP
> authentication, but on one of the involved routers the username for
> the remote must be stored as such you shouldn't be able to decode the
> password from the config.
>
> This points me to user XXX secret pass, which encrypts the pass with
> MD5.
> The thing is, as stated on
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121new
> ft
> /121limit/121e/121e8/8e_md5.htm
>
> CHAP doesn't "like" that we store the passwords as MD5, It needs them
> to be on plain text so he can derive its own md5 challenge.
>
> I can turn around the issue by simply not authenticating the remote
> side, thus no need of local username, and then it can be whatever I
> want. But I think this ugly...
>
> this appeared on IPexpert challenge 26, ISDN question.
>
> Any thoughts?
>
> TIA
>
> Gustavo
>
> PS. I can also see what is the hash of the password and use the hash
> instead of the password, and store it as plain text, but this would be
> even uglier...
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Dillon Yang: "Re: lesson from failure"
• Previous message: Scott Morris: "RE: user <user> secret <password> and CHAP doubt"
• Maybe in reply to: Gustavo Novais: "user <user> secret <password> and CHAP doubt"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:31 GMT-3