Solved

Regarding Encryption Type In PIX and ASA

Posted on 2009-03-31
Last Modified: 2013-11-22
Dears,
I want to know: is the type of encryption when I write this command strong and not easily broken, or not?
MyFW(Config)#username abcd password test

Because after using this command:
MyFW(Config)#show running-config username

the output is:
username abcd password PSAvSeHRPqajh/Vi encrypted


So if someone knows PSAvSeHRPqajh/Vi, can he figure out the password?

BR,

0
Question by:sfda_soc
4 Comments
 
LVL 16

Expert Comment

by:2PiFL
ID: 24027902
Cisco used to offer a "tool" to decrypt passwords, so the short answer is yes. However, they would need access to the firewall and both passwords.
0
 

Author Comment

by:sfda_soc
ID: 24049982
Even so, I would like to know what type of encryption it is,
because maybe my running-configuration file leaked and then anyone can take advantage of it....
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 24050171
The service password-encryption global configuration command uses a simple Vigenère cipher which is designed to protect your passwords from casual observers. It is not designed to withstand any serious hack attempt.

The enable secret command and the Enhanced Password Security feature use Message Digest 5 (MD5) for password hashing.  This algorithm is very secure but can be subject to a dictionary attack.

Check out the "Password management" section of this Cisco article:
 http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
0
 
LVL 5

Accepted Solution

by:
Markus Braun earned 2000 total points
ID: 24139453
Username encryption in ASA and PIX cannot be reverse decrypted - the tool is for routers, not firewalls.

There is no tool currently available to hack Cisco PIX and ASA firewall password encryption.

But of course if someone has both, they can run a dictionary, brute-force or rainbow table attack until it matches, so choose a password wisely, and especially a long one, which then makes the above-mentioned attacks useless because of the time it would take to run through all the possible combinations.
Especially avoid passwords that are in any dictionary; instead choose a password with a combination of numbers, lower-case and capital letters and special symbols like !, $ etc., and use at least 16 digits.

Then there is no real chance someone could brute-force it - today, that is, as there is not enough processor power available worldwide to do just that.
0
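
An added example, not part of the original thread or any poster's code: a small Python audit that classifies credential lines in a Cisco configuration by the storage types the answers above describe (type 7 Vigenère, type 5 MD5, the PIX/ASA `encrypted` hash, plaintext), so a leaked running-config can be triaged for which passwords to rotate first. The sample config is constructed apart from the `abcd` line from the question, and the risk labels are this example's own assumption based on the answers' descriptions.

```python
import re

# Optional "username X [privilege N]" or "enable" prefix shared by all rules.
PREFIX = r"^\s*(?:username\s+(?P<user>\S+)\s+(?:privilege\s+\d+\s+)?|enable\s+)?"

# (kind, risk, pattern); first match wins, so specific forms come first.
# Risk labels are this example's assumption, not Cisco terminology.
RULES = [
    ("ios-type7-vigenere", "high",      # reversible obfuscation
     re.compile(PREFIX + r"password\s+7\s+[0-9A-Fa-f]+\s*$")),
    ("ios-type5-md5", "medium",         # one-way, open to dictionary attack
     re.compile(PREFIX + r"secret\s+5\s+\$1\$\S+\s*$")),
    ("pix-asa-hash", "medium",          # one-way, open to dictionary/brute force
     re.compile(PREFIX + r"passw(?:or)?d\s+\S+\s+encrypted\b")),
    ("plaintext", "critical",           # stored in the clear
     re.compile(PREFIX + r"(?:password|secret)\s+(?:0\s+)?\S+\s*$")),
]

def audit_config(text):
    """Return one finding per credential line; secret values are never echoed."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for kind, risk, pattern in RULES:
            m = pattern.match(line)
            if m:
                findings.append({"line": lineno,
                                 "user": m.group("user") or "(enable/line)",
                                 "kind": kind, "risk": risk})
                break
    return findings

# Constructed sample; only the "abcd" line is taken from the question above.
SAMPLE = """\
hostname MyFW
username abcd password PSAvSeHRPqajh/Vi encrypted
enable password AAAAAAAAAAAAAAAA encrypted
username ops password 7 00112233AABB
enable secret 5 $1$salt$CONSTRUCTEDPLACEHOLDER
username temp password test
"""

if __name__ == "__main__":
    for f in audit_config(SAMPLE):
        print(f"line {f['line']}: {f['user']:<14} {f['kind']:<20} risk={f['risk']}")
```
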

Question has a verified solution.
