Ciscos VPN-Client-Passwords can be decrypted

From: Thierry Zoller (Thierry_at_sniff-em.com)
Date: 10/16/05

  • Next message: alljer_at_gmail.com: "Yahoo RSS XSS Vulnerability (Correction)" 
    Date: Sun, 16 Oct 2005 21:28:41 +0200
To: full-disclosure@lists.grok.org.uk

    Dear List,

    [1] heise published a news article today.
    [2] EvilScientists reverse engineered the algorithm Cisco uses to _obscufate_ the
        passwords.
    [3] PoC

    Summary :
    Cisco uses 3des to encrypt the passwords, however it does so using
    a deterministic encryption sheme (no user input) and thus must be
    reproducible.

    The algorithm [2] found was as follows :

    * GetDate - convert to string
    * Generate an SHA Hash from that string h1 (20 Bytes)
    * h1 is modified into Hash h2
    * h1 is modified into Hash h3
    * h2 and the first 4 Bytes from h3 give the 3DES Key
    * The clear text password no encrypted in 3DES CBC Mode. The IV is the first 8 Bytes of h1.
    * If the size of the clear text password is not a multiple of the
      Block size, the differece to the next block is calculcated and padded
      with a Digit. -> length of password is known
    * A last hash is calculated from the encrypted Password h4
    * The value of the Key “enc_UserPassword” is: h1|h4|verschlüsseltes Passwort

    Credits:
    [1] http://www.heise.de/newsticker/meldung/64954
    [2] http://evilscientists.de/blog/?page_id=339
    [3] http://www.evilscientists.de/blog/?dl=CiscoPasswordRevealer.rar
    I take no credit I am only translating and forwarding. 

    -- 
Thierry Zoller
http://thierry.sniff-em.com
  • Next message: alljer_at_gmail.com: "Yahoo RSS XSS Vulnerability (Correction)"

    Relevant Pages

    • [Full-disclosure] Ciscos VPN-Client-Passwords can be decrypted
      ... EvilScientists reverse engineered the algorithm Cisco uses to _obscufate_ the ... Cisco uses 3des to encrypt the passwords, ... Generate an SHA Hash from that string h1 ... Credits: ...
      (Full-Disclosure)
    • RE: Can Kerberos be cracked??
      ... Subject: Can Kerberos be cracked?? ... If you were able to decrypt the timestamp ... As for your assumption about the hash being as good as the password, ... > encrypt the timestamp) still be susceptible to brute-force> using dictionary ...
      (Focus-Microsoft)
    • RE: Can Kerberos be cracked??
      ... If you were able to decrypt the timestamp ... As for your assumption about the hash being as good as the password, ... > encrypt the timestamp) still be susceptible to brute-force> using dictionary ... The server doesn't actually know what the user's>>password is, ...
      (Focus-Microsoft)
    • Re: Can Kerberos be cracked??
      ... encrypt the timestamp) still be susceptible to brute-force using dictionary ... Secondly, even without the actual password known, wouldn't juz the hash (let ... The server doesn't actually know what the user's ...
      (Focus-Microsoft)
    • Re: Can Kerberos be cracked??
      ... > against the encrypted timestamp. ... > As for your assumption about the hash being as good as the password, ... >> encrypt the timestamp) still be susceptible to brute-force ... The server doesn't actually know what the user's ...
      (Focus-Microsoft)