RE: Cracking a Netscreen password

From: Chris Ess
Date: 09/13/03

    Date: Sat, 13 Sep 2003 00:56:37 -0400 (EDT)
    To: Ranjeet Shetye

    > After removing the always-CAPS letters, you get:
    > [A-Za-z0-9/+]{2,2} -> the whole expression repeated a total of 8 times.
    > = [A-Za-z0-9/+]{16,16}
    > = 8 bits * 16
    > = 128 bit hash
    > = MD5 ?

    I am no expert. That aside:

    The string appears to be base64 encoded. However, from the Digest::MD5
    man page: "A base64 digest will be 22 characters long."

    Even if you include the always-caps letters, you have 24 characters.

    I've been meaning to go through the examples given by everyone else but
    haven't had the time to date. Maybe tomorrow...

    Since this is more-than-likely a hashed password, Netscreen can add on any
    sort of random permutations they feel like because all they need to do is
    ensure that the end result of their function matches what they have stored
    in memory for the password. (For a matching example, unix MD5 passwords
    are not just hashed with MD5 but also use additional transforms.)

    Since the always-capital letters change themselves when the username or
    password are changed, I think that these should not be excluded during an
    analysis of the algorithm since they could be indicative of something

    I suppose that I should take a look at the MD5 algorithm to see how it
    generates the hash because that could be useful.


    Chris Ess
    System Administrator / CDTT (Certified Duct Tape Technician)
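
The length arithmetic discussed in this message, as an added example that is not part of the original post: each base64 character carries 6 bits, so a token's length can be checked against the encoded length of common digest sizes. The function names and the `DIGEST_BYTES` table are assumptions made for illustration, and the sample tokens are constructed.

```python
import base64
import hashlib
import re

B64_BODY = re.compile(r"^[A-Za-z0-9+/]+$")

# Digest sizes in bytes (illustrative table, not from the original post).
DIGEST_BYTES = {"md5": 16, "sha1": 20, "sha256": 32}


def b64_length(nbytes, padded=True):
    """Length of the base64 encoding of nbytes of data."""
    if padded:
        return 4 * ((nbytes + 2) // 3)
    return (4 * nbytes + 2) // 3  # ceil(8 * nbytes / 6)


def capacity_bits(nchars):
    """Bits carried by nchars base64 characters (6 bits each, not 8)."""
    return 6 * nchars


def matching_digests(token):
    """Return (name, form) pairs whose base64 length fits the token."""
    body = token.rstrip("=")
    if not B64_BODY.match(body):
        return []
    has_padding = len(body) != len(token)
    hits = []
    for name, size in DIGEST_BYTES.items():
        if len(body) != b64_length(size, padded=False):
            continue
        if has_padding and len(token) == b64_length(size, padded=True):
            hits.append((name, "padded"))
        elif not has_padding:
            hits.append((name, "unpadded"))
    return hits


if __name__ == "__main__":
    # Constructed sample: base64 of an MD5 digest of arbitrary bytes.
    padded = base64.b64encode(hashlib.md5(b"constructed sample").digest()).decode()
    for token in (padded, padded.rstrip("="), "A" * 16, "A" * 24):
        print(len(token), capacity_bits(len(token.rstrip("="))), matching_digests(token))
```
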
