RE: Cracking a Netscreen password

From: Lluis Mora (llmora_at_sentryware.com)
Date: 09/10/03

    To: "Marc Ruef" <maru@scip.ch>, <mike@genxweb.net>
    Date: Wed, 10 Sep 2003 20:20:43 +0200

    Hi there,

    This is my guess at the Netscreen password encryption scheme:

    - Looking at the charset in use ("a-zA-Z0-9+/") it looks like base64-encoded
    text.

    - The beginning and trailing "n" characters are probably used for Netscreen
    to determine whether one of these strings is an actual password (e.g. to
    detect badly formatted encrypted passwords when config files are synchronized
    between different units).

    - Removing both "n" from the beginning and the end leaves us with a 28-byte
    base64 string, which decodes to a 21-byte (168-bit) string, the key
    length of 3DES encryption, which is unlikely due to two factors:

      * Encrypting a few different passwords shows that the encrypted output
    strings share about 40 bits of information (e.g. bits in the same positions
    set to the same values), a far from random output - this is why some bytes
    in the base64-encoded string are shared amongst all passwords (e.g. the 7th
    char is always an "r"), as Marc has pointed out.

      * The length of the ciphertext is independent of the input (the plaintext
    password ranges from 0 to 31 characters, but the output always has the same
    length), which hints at the use of a hash function. That is, if 3DES were in
    use, a 31-character password would mean encrypting at least 248 bits, giving
    an output of 4 x 64-bit 3DES blocks (far too much information to hold in 168
    bytes).

    So, I would say the algorithm is something along these lines:

      encoded_string = base64(hash(plaintext) + randomdata)

    This is just a guess, I might be -probably- wrong. Any more ideas anyone?

    Cheers,

    Lluis

    > -----Original Message-----
    > From: Marc Ruef [mailto:maru@scip.ch]
    > Sent: Monday, 08 September 2003 13:23
    > To: mike@genxweb.net
    > CC: pen-test@securityfocus.com
    > Subject: RE: Cracking a Netscreen password
    >
    >
    > Dear Mike,
    > Dear List,
    >
    > > The netscreen definitely uses a md5 hash on the configs. You can
    > > download a md5 brute force tool and let it run on the file.
    >
    > Hmm, I can't acknowledge this statement.
    >
    > If I start MDcrack v1.2 on my Windows box with the hash as parameter,
    > I'll get an error "A md5 digest must have 16 bytes length (32 ascii
    > digits from 0 to F)."
    >
    > All my passwords have the following structure:
    >
    > - All of them have a length of 30 chars
    > - All of them begin and end with an "n"
    > - The 2nd char is always capitalized
    > - The 7th char is always an "r"
    > - The 13th char is always a "c"
    > - The 18th char is always an "s"
    > - The 24th char is always a "t"
    > - The chars a-z, A-Z and a few special chars (e.g. + and /) are used
    >
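The two structural checks discussed in this thread (Marc's list of fixed character positions and Lluis's count of bit positions shared across several encrypted passwords) can be mechanised so they can be rerun on strings pulled from a real config. The script below is an added example and is not code from either poster; the SAMPLES it analyses are constructed to have the shape the thread describes (30 chars, "n" at both ends, uppercase 2nd char, "r"/"c"/"s"/"t" at positions 7/13/18/24) and are not real Netscreen output, and nothing here implements or assumes Netscreen's actual algorithm. Shared-bit positions are reported over the 21 decoded bytes, which is where the "about 40 bits" figure in the post comes from.

```python
"""Structural analysis of Netscreen-style 'n...n' password strings.

Added example, not from the original thread. SAMPLES are constructed for
illustration only and are not real Netscreen output.
"""
import base64
import string

B64_ALPHABET = set(string.ascii_letters + string.digits + "+/")

# Constructed samples (not real): 30 chars, 'n' at both ends, an uppercase
# letter in position 2 and 'r', 'c', 's', 't' at positions 7, 13, 18, 24
# (1-indexed). Every other position differs between samples on purpose.
SAMPLES = [
    "nABCDErGHIJKcMNOPsRSTUVtXYZabn",
    "nZ+987r54321czyxwsutsrqtonmlkn",
    "nFdefgrhijklcmnopsqwxyzt01234n",
    "nPihgfredcbacZYXWsVPONMtLKJIHn",
]


def inner_base64(s):
    """Validate the 30-char n...n form and return the 28-char base64 core."""
    if len(s) != 30 or s[0] != "n" or s[-1] != "n":
        raise ValueError(f"not a 30-char n...n string: {s!r}")
    core = s[1:-1]
    bad = sorted(set(core) - B64_ALPHABET)
    if bad:
        raise ValueError(f"non-base64 characters {bad} in {s!r}")
    return core


def looks_like_password_string(s):
    """True if s has the n...n / base64 shape described in the thread."""
    try:
        inner_base64(s)
    except ValueError:
        return False
    return True


def decode_blob(s):
    """28 base64 chars carry exactly 168 bits, so this always yields 21 bytes."""
    raw = base64.b64decode(inner_base64(s), validate=True)
    assert len(raw) == 21, len(raw)
    return raw


def bit_string(raw):
    """Render bytes as an MSB-first bit string (168 chars for a 21-byte blob)."""
    return "".join(f"{b:08b}" for b in raw)


def constant_chars(samples):
    """1-indexed positions of the 30-char string whose char is identical in every sample."""
    return {i + 1: samples[0][i] for i in range(30)
            if len({s[i] for s in samples}) == 1}


def uppercase_positions(samples):
    """1-indexed positions holding an uppercase letter in every sample."""
    return [i + 1 for i in range(30) if all(s[i].isupper() for s in samples)]


def shared_bit_positions(samples):
    """0-indexed bit positions (0..167) of the decoded blob that agree across all samples."""
    bits = [bit_string(decode_blob(s)) for s in samples]
    return [i for i in range(len(bits[0])) if len({b[i] for b in bits}) == 1]


def report(samples):
    """Summarise the structural findings for a set of strings."""
    shared = shared_bit_positions(samples)
    return {
        "constant_chars": constant_chars(samples),
        "uppercase_positions": uppercase_positions(samples),
        "shared_bits": len(shared),
        "decoded_bytes": len(decode_blob(samples[0])),
    }


if __name__ == "__main__":
    for key, value in report(SAMPLES).items():
        print(f"{key}: {value}")
```

On the constructed samples the fixed characters contribute 4 x 6 = 24 shared bits plus one bit from the uppercase position (the top bit of a base64 value in the A-Z range is always 0), so 25 of the 168 bits are constant. Replacing SAMPLES with strings taken from several real configs gives the figure the post estimates at about 40 bits; the more samples you feed in, the fewer coincidental matches inflate the count.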


