Radius Password Decryption BSDI BSD/OS 3.0 How to?
Hi there. We have an old BSD Server running our Radius Authentication for Dialup & ISDN Users. Since this server could possibly DIE at any moment because of it's age, we would like to migrate this info over to a newer Linux or Windows Server. What were looking for is some info on how to decrypt these passwords without trying to call every dialup person in our system telling them to give us a new password. We'd like to re-enter it into another system, and make the transition invisible to the end user.
The version BSD is BSDI BSD/OS 3.0
I don't know much about Unix-Type OS, I'm just learning. I can move around the system, add users, dns, etc..
I'm not sure if this is even enough info to get started.
Any input would be appreciated.
-Tom
ASKER
I'm not sure how to tell what Radius program we use. All we do is telnet to the server, go into SUper mode, and type "rpasswd <username>" If I type "rpasswdadm" it runs through the entire user listing with the passwords encrypted.
-Tom
-Tom
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks for the info, I'll research it a bit more, and it just may take more time then expected using john-the-ripper... We'll see.
(mobile P4)
# john --test
Benchmarking: BSDI DES (x725) [64/64 BS MMX]... DONE
Many salts: 22886 c/s real, 23066 c/s virtual
Only one salt: 22630 c/s real, 22665 c/s virtual
There are 95 keyboard entered characters.
95^8=6634204312890625
and you have to use 10000 years to bruteforce that one.
hopefully your system has classic DES which is decrypted 30 times faster and 6char passwords will take couple of weeks.
# john --test
Benchmarking: BSDI DES (x725) [64/64 BS MMX]... DONE
Many salts: 22886 c/s real, 23066 c/s virtual
Only one salt: 22630 c/s real, 22665 c/s virtual
There are 95 keyboard entered characters.
95^8=6634204312890625
and you have to use 10000 years to bruteforce that one.
hopefully your system has classic DES which is decrypted 30 times faster and 6char passwords will take couple of weeks.
ASKER
Thanks again.. I D/L'd JTR last night and started the decryption. They are DES, and it has completed about 70 out of 170 passwords after 10 hrs. Not bad.. Most of the people used genric words like their login name or something of that nature... So if I can get most of them, that would be better then resetting everyone.
-Tom
-Tom
Yes.
Another thing - if you have non-english people, go get their dictionary files for better success.
Probably standard DES is usable with cistron radiusd(not secure, as you noticed, but usable)
In theory passwords can be converted whenever entered, but no software does this out of the box.
Another thing - if you have non-english people, go get their dictionary files for better success.
Probably standard DES is usable with cistron radiusd(not secure, as you noticed, but usable)
In theory passwords can be converted whenever entered, but no software does this out of the box.
In other cases you should use something like john-the-ripper or crack on properly converted password database. It will take ages.