RE: Cracking a Netscreen password

From: Ben Nagy (ben@iagu.net)
Date: Wed Sep 10 2003 - 12:08:43 EDT


I don't have a netscreen I can play with at the moment.

Do you get anything nice if you try known plaintext stuff? Try this kind of
thing for user/pass combos: aaa aaa, bbb bbb, aaa aab, aaa bbb, bbb aaa....

Also, it might be easier to see stuff if you pull out the fixed characters
when comparing.

The more useful usernames and passwords you can post the better people's
chances will be (but random ones help less than structured pairs).

This smells of obfuscation rather than encryption...

Cheers,

ben

---------------------------------------------------------------------------
FREE Trial!
New for security consultants and in-house pros: FOUNDSTONE PROFESSIONAL
and PROFESSIONAL TL software. Fast, reliable vulnerability assessment
technology powered by the award-winning FoundScan engine. Try it free for 21 days at: http://www.securityfocus.com/sponsor/Foundstone_pen-test_030825
----------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT