Regarding Encryption Type In PIX and ASA

Posted on 2009-03-31
Last Modified: 2013-11-22
Dears,
I want to know whether the type of encryption used when I write this command is strong and cannot be broken easily, or not?
MyFW(Config)#username abcd password test

Because after using this command:
MyFW(Config)#show running-config username

the output is:
username abcd password PSAvSeHRPqajh/Vi encrypted


So if someone knows PSAvSeHRPqajh/Vi, can he figure out the password?

BR,

Question by:sfda_soc

Expert Comment

by:2PiFL
ID: 24027902
Cisco used to offer a "tool" to decrypt passwords, so the short answer is yes. However, they would need access to the firewall and both passwords.

Author Comment

by:sfda_soc
ID: 24049982
Even so, I would like to know what type of encryption it is,
because maybe my running-configuration file leaked and then anyone can take advantage of it....

Expert Comment

by:2PiFL
ID: 24050171
The service password-encryption global configuration command uses a simple Vigenère cipher which is designed to protect your passwords from casual observers. It is not designed to withstand any serious hack attempt.

The enable secret command and the Enhanced Password Security feature use Message Digest 5 (MD5) for password hashing.  This algorithm is very secure but can be subject to a dictionary attack.

Check out the "Password management" section of this Cisco article:
 http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
0
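A defensive check for the leaked running-config scenario raised in this thread, as an added example that is not part of any post and is not Cisco tooling: it classifies how each credential line is stored and redacts the stored value in its report. The IOS-style `password 7` and `secret 5 $1$` line formats are not shown in the thread, and every sample line except the hash string quoted in the question is constructed.

```python
import re

# Ordered rules: the first pattern that matches a line decides its class.
RULES = [
    ("md5-hash", re.compile(r"\b(?:password|secret) 5 (\$1\$\S+)")),
    ("type7-reversible", re.compile(r"\bpassword 7 ([0-9A-Fa-f]+)$")),
    ("pix-asa-hash", re.compile(r"\bpassword (\S+) encrypted\b")),
    ("cleartext", re.compile(r"\b(?:password|secret) (?:0 )?(\S+)$")),
]

# Wording follows the statements made in the thread.
ADVICE = {
    "md5-hash": "one-way MD5 hash; can be subject to a dictionary attack",
    "type7-reversible": "Vigenere obfuscation; treat as disclosed if the config leaks",
    "pix-asa-hash": "PIX/ASA 'encrypted' hash; offline guessing possible, use a long password",
    "cleartext": "stored in the clear; rotate it and store a hashed form",
}

def audit(config_text):
    """Return (line_number, storage_class, redacted_line) per credential line."""
    findings = []
    for number, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        for kind, pattern in RULES:
            match = pattern.search(line)
            if match:
                # Never echo the stored value into a report or ticket.
                redacted = line[:match.start(1)] + "<redacted>" + line[match.end(1):]
                findings.append((number, kind, redacted))
                break
    return findings

# Constructed sample config; only the ASA hash string comes from the question.
SAMPLE_CONFIG = """\
hostname MyFW
username abcd password PSAvSeHRPqajh/Vi encrypted
enable secret 5 $1$EXMP$constructedPlaceholderHash
username ops password 7 0600112233AABB
service password-encryption
username temp password Summer2009
"""

if __name__ == "__main__":
    for number, kind, line in audit(SAMPLE_CONFIG):
        print(f"line {number}: {kind:17} {line}\n    -> {ADVICE[kind]}")
```
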
 

Accepted Solution

by:
shirkan earned 500 total points
ID: 24139453
Username encryption in ASA and PIX cannot be reverse decrypted - the tool is for routers, not firewalls.

There is no tool currently available to HACK Cisco PIX and ASA firewall PW encryption.

BUT of course if someone has both, they can run a dictionary or brute-force or rainbow table attack till it matches, so choose a PW wisely and especially a long one, which then makes the above-mentioned attacks useless because of the time it would take to run through all the possible combinations.
Especially avoid passwords that are in any dictionary; instead choose a PW with a combination of numbers, lower case and capital letters and special symbols like !, $ etc. and use at least 16 digits.

Then there is no real chance someone could brute-force it - today, that is, as there is not enough processor power available worldwide to do just that.