Solved

Regarding Encryption Type In PIX and ASA

Posted on 2009-03-31
Last Modified: 2013-11-22
Dears,
I want to know whether the type of encryption used when I write this command is strong and cannot be broken easily, or not?
MyFW(Config)#username abcd password test

because after using this command :
MyFW(Config)#show running-config username

the output is :
username abcd password PSAvSeHRPqajh/Vi encrypted


So if someone knows PSAvSeHRPqajh/Vi, can he figure out the password?

BR,

0
Question by:sfda_soc
4 Comments
 
LVL 16

Expert Comment

by:2PiFL
ID: 24027902
Cisco used to offer a "tool" to decrypt passwords, so the short answer is yes. However, they would need access to the firewall and both passwords.
0
 

Author Comment

by:sfda_soc
ID: 24049982
Even so, I would like to know what type of encryption it is,
because maybe my running-configuration file leaked and then anyone can take advantage of it....
0
 
LVL 16

Expert Comment

by:2PiFL
ID: 24050171
The service password-encryption global configuration command uses a simple Vigenère cipher which is designed to protect your passwords from casual observers.  It is not designed to withstand any serious hack attempt.

The enable secret command and the Enhanced Password Security feature use Message Digest 5 (MD5) for password hashing.  This algorithm is very secure but can be subject to a dictionary attack.

Check out the "Password management" section of this Cisco article:
 http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
0
 
LVL 5

Accepted Solution

by:
shirkan earned 500 total points
ID: 24139453
Username encryption in ASA and PIX cannot be reverse decrypted - the tool is for routers, not firewalls.

There is no tool currently available to HACK Cisco PIX and ASA firewall PW encryption.

BUT of course if someone has both, they can run a dictionary, brute-force or rainbow table attack until it matches, so choose a PW wisely, and especially a long one, which then makes the above-mentioned attacks useless because of the time it would take to run through all the possible combinations.
Especially avoid passwords that are in any dictionary; instead choose a PW with a combination of numbers, lower-case and capital letters and special symbols like !, $ etc., and use at least 16 digits.

Then there is no real chance someone could brute-force it - today, that is, as there is not enough processor power available worldwide to do just that.
0
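An added example, not part of the thread or any poster's code: a small audit that flags PIX/ASA `encrypted` strings in a saved configuration that match a deny-list of weak passwords, which is the "one-way but guessable" property the answers above describe. The hash construction follows the publicly documented PIX-MD5 scheme (as implemented in passlib's `cisco_pix`) and is an assumption limited to short passwords; `pix_hash`, `audit`, the `ops` account and the deny-list are constructed for illustration.

```python
import hashlib
import re

# Alphabet of the 6-bit encoding used by PIX/ASA "encrypted" strings.
H64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def pix_hash(password, user=""):
    """PIX-MD5 as documented by passlib's cisco_pix. Assumption: password plus the
    first 4 characters of the username, NUL-padded to 16 bytes (short inputs only)."""
    data = (password + user[:4]).encode("utf-8")
    if len(data) > 16:
        raise ValueError("longer inputs are handled differently; out of scope here")
    digest = hashlib.md5(data.ljust(16, b"\0")).digest()
    out = []
    for i in range(0, 16, 4):              # keep 3 of every 4 digest bytes
        v = int.from_bytes(digest[i:i + 3], "little")
        out += [H64[(v >> s) & 0x3F] for s in (0, 6, 12, 18)]
    return "".join(out)

LINE = re.compile(r"^(?:username (\S+) password|enable password|passwd) (\S{16}) encrypted")

def audit(config, denylist):
    """Return (config line, matching password) for every hash found on the deny-list."""
    findings = []
    for line in config.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        user, stored = m.group(1) or "", m.group(2)
        for guess in denylist:
            # Try the unsalted form and, for user accounts, the username-salted form.
            if stored in {pix_hash(guess), pix_hash(guess, user)}:
                findings.append((line.strip(), guess))
                break
    return findings

# Constructed sample config: the two widely published factory-default lines, the
# line quoted in the question, and a constructed account "ops" with a weak password.
SAMPLE = "\n".join([
    "enable password 8Ry2YjIyt7RRXU24 encrypted",
    "passwd 2KFQnbNIdI.2KYOU encrypted",
    "username abcd password PSAvSeHRPqajh/Vi encrypted",
    "username ops password %s encrypted" % pix_hash("firewall", "ops"),
])

if __name__ == "__main__":
    for line, guess in audit(SAMPLE, ["", "cisco", "test", "firewall"]):
        print("WEAK: %-55s password=%r" % (line, guess))
```

Because there is no random per-device salt, the same password always produces the same string, so a leaked running-config can be checked against any word list offline; only the length and unpredictability of the password limit that.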
