Re: Cisco Catalyst 4006 CatOS Password Hash

From: Anders Thulin (Anders.Thulin_at_kiconsulting.se)
Date: 12/12/03

  • Next message: Lachniet, Mark: "Example of XSS cookie stealing code?"
    Date: Fri, 12 Dec 2003 08:30:07 +0100
    To: Paul Bakker <bakker@fox-it.com>
    
    

    Paul Bakker wrote:

    > The issue is: I need to determine if it is a reasonable password without them giving me the password...
    > How can I determine this if I cannot throw a password cracking tool against it?

       Brute force login attempts come to mind.

       Even with a password cracker, you can't say for sure: $2$ is used to
    indicate blowfish on some platforms. But unless you know this particular
    platform follows that convention, you won't be able to interpret a failure
    to crack the password.

       Some preliminary tests to verify the Blowfish hypothesis seem called for.

    -- 
    Anders Thulin   anders.thulin@kiconsulting.se   040-661 50 63	
    Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden
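
One way to run the kind of preliminary test suggested above is to check whether a string is even shaped like a bcrypt hash before reading anything into a cracker's failure. This is an added example, not part of the original message; it assumes the common bcrypt modular-crypt layout, and the sample strings are constructed, not real device hashes.

```python
import re

# bcrypt uses its own base64 alphabet (ordering differs from RFC 4648).
B64 = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
# $<version>$<2-digit cost>$<22-char salt><31-char digest>, 60 chars in total.
SHAPE = re.compile(r"\$(2[abxy]?)\$(\d{2})\$([./A-Za-z0-9]{22})([./A-Za-z0-9]{31})")

def bcrypt_shape_problems(value):
    """Return reasons `value` is not shaped like a bcrypt hash (empty list = consistent)."""
    if not value.startswith("$2"):
        return ["prefix is not in the $2 family"]
    m = SHAPE.fullmatch(value)
    if m is None:
        return [f"no $version$cost$ + 53-character body (length {len(value)}, bcrypt is 60)"]
    _version, cost, salt, _digest = m.groups()
    problems = []
    if not 4 <= int(cost) <= 31:
        problems.append(f"cost {cost} is outside 04..31")
    # A 128-bit salt fills 21 characters plus 2 bits, so the last
    # salt character must have its low four bits clear.
    if B64.index(salt[-1]) % 16:
        problems.append("last salt character has non-zero padding bits")
    return problems

# Constructed samples (not taken from any real system).
BCRYPT_LIKE = "$2a$10$" + "A" * 21 + "O" + "B" * 31
SHORT_DOLLAR_2 = "$2$abcd$" + "C" * 22

if __name__ == "__main__":
    for sample in (BCRYPT_LIKE, SHORT_DOLLAR_2):
        found = bcrypt_shape_problems(sample)
        print(sample, "->", found or "consistent with bcrypt layout")
```

A string that fails these checks is not in the format a bcrypt cracker expects, so that tool's failure to recover the password says nothing about the password's strength.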