RE: Cisco Catalyst 4006 CatOS Password Hash

From: Paul Bakker (
Date: 12/11/03

    Date: Thu, 11 Dec 2003 10:01:46 +0100
    To: "Miles Stevenson" <>

    Correction from myself...
    > Hi Miles..
    > Shouldn't the length of the hash be longer in case of this?
    > MD5 hashes are 16 bytes and SHA-1 hashes are 20 bytes...
    > These hashes only have 16 bytes after the last $ sign...

    The hashes have exactly 22 characters after the last dollar sign...
    The same as the Cisco IOS passwords that have:
    x = a 4 character salt
    y = a 22 character MD5 hash

    These are identical (4 + 22) but with $2$ at the start...

    Paul Bakker
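
Added example, not part of the original message: a short check of why a 16-byte digest shows up as 22 characters after the last `$`. It assumes the field uses the crypt(3) 64-character alphabet at 6 bits per character, as MD5-crypt strings do. The sample string and the function names are constructed for illustration.

```python
import math

# crypt(3)-style alphabet (assumption: the field after the last $ uses it)
CRYPT_ALPHABET = set(
    "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
)

# Raw digest sizes in bytes, as quoted in the thread
DIGEST_BYTES = {"MD5": 16, "SHA-1": 20}

# Constructed sample: $2$ prefix, 4-character salt, 22-character hash field
CONSTRUCTED_SAMPLE = "$2$abcd$" + "0123456789ABCDEFGHIJKL"


def encoded_length(n_bytes):
    """Characters needed to carry n_bytes at 6 bits per character, unpadded."""
    return math.ceil(n_bytes * 8 / 6)


def parse_hash_field(field):
    """Split '$id$salt$hash' and list the digest sizes whose encoding fits."""
    parts = field.split("$")
    if len(parts) != 4 or parts[0] != "":
        raise ValueError("expected $id$salt$hash")
    _, scheme_id, salt, digest = parts
    for name, value in (("salt", salt), ("hash", digest)):
        if not value or not set(value) <= CRYPT_ALPHABET:
            raise ValueError(f"{name} is empty or outside the crypt alphabet")
    fits = [
        algo for algo, size in DIGEST_BYTES.items()
        if encoded_length(size) == len(digest)
    ]
    return {
        "id": scheme_id,
        "salt_len": len(salt),
        "hash_len": len(digest),
        "fits": fits,
    }


if __name__ == "__main__":
    for algo, size in DIGEST_BYTES.items():
        print(f"{algo}: {size} bytes -> {encoded_length(size)} characters")
    print(parse_hash_field(CONSTRUCTED_SAMPLE))
```

A length match only narrows the digest size. It does not identify the algorithm or the iteration scheme behind a given prefix.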

