Re: Extreme Networks password hash

---------------------------------------
configure account admin encrypted
452tVo$nEbHpfJFTUGyBrqmtY8q3.
452tVo$nEbHpfJFTUGyBrqmtY8q3.
create account user "user" encrypted "yN/tVo$ARBcY8KlQBq.lvJg2nc5F."
--------------------------------------

I don't know of any tools for this specific hash, but if you're trying
to work out the algorithm, there's a few questions that need answered.
First off, this looks a lot like base64 encoding right? But not
quite...

Base64 strings are generally made up of the [A-Za-z0-9/+=] character
set, with '=' being a padding character. Your strings have mysterious
'.' and '$'. Why? I've seen variants of base64 where '/', '+', and/or
'=' are simply translated to another character because these are
inconvenient in the specific context. For instance on your command
line, perhaps '=' and '+' are operators and it's a pain to escape them.
One of your hashes has a '/' so '.' may map to equals or plus.

Now as for your '$', it could also map to equals or plus, but it's quite
the coincidence that the $ appears at the same position in both hashes.
I suspect it's simply a delimiter to separate a salt from the hash. The
padding seems a little wonky, but you could have a base64 encoded salt
of say 32 bits, followed by a hash of perhaps 128 bits. Just depends on
how what you think the '.' character is all about. More example hashes
would be helpful here.

good luck,
tim

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

Relevant Pages

  • Re: password protect pen drive
    ... Yes, hashes can be brute-forced, but can they all have a rainbow table associated with them? ... if the product is making a hash of what ... I am aware of Rainbow Tables that are in excess of 54 character hashes ...
    (Security-Basics)
  • RE: Cisco Catalyst 4006 CatOS Password Hash
    ... > Hi Miles.. ... > Shouldn't the length of the hash be longer in case of this? ... The hashes have exactly 22 characters after the last dollar sign... ... y = a 22 character MD5 hash ...
    (Pen-Test)
  • Re: People ~Fing with Life
    ... That is what the charge was. ... hash values and the like'. ... this data area had no corresponding entry in the allocation tables. ... Hashes are used for the purposes of error correction ...
    (uk.legal)
  • RE: [7.8.2002 44916] Notice of Copyright Infringement]
    ... Appending a single bit onto the end of the file makes a different hash. ... and you no longer match the hashes. ... The only way to prove you're breaking copyright is to download at ... |"real" warezed version of whatever movie. ...
    (Vuln-Dev)
  • Re: "index" efficiency... any help or ideas?
    ... > That's still a lot of checking; with a good hash, ... byte number of possibilities for character ... absolute jump address to the handler for that command... ... then the pointer is an offset relative to ...
    (alt.lang.asm)