Re: Cisco Catalyst 4006 CatOS Password Hash

From: Anders Thulin (Anders.Thulin@kiconsulting.se)
Date: Fri Dec 12 2003 - 02:30:07 EST

• Next message: Lachniet, Mark: "Example of XSS cookie stealing code?"
• Previous message: Achim Dreyer: "RE: XSS with encrypted cookie?"
• In reply to: Paul Bakker: "RE: Cisco Catalyst 4006 CatOS Password Hash"
• Next in thread: Paul Bakker: "RE: Cisco Catalyst 4006 CatOS Password Hash"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Paul Bakker wrote:

> The issue is: I need to determine if it is a raesonable password without them giving me the password...
> How can I determine this if I cannot throw a password cracking tool against it?

   Brute force login attempts come to mind.

   Even with a password cracker, you can't say for sure: $2$ is used to
indicate blowfish on some platforms. But unless you know this particular
platform follows that convention, you won't be able to interpret a failure
to crack the password.

   Some preliminary tests to verify the Blowfish hypothesis seem called for.

-- 
Anders Thulin   anders.thulin@kiconsulting.se   040-661 50 63	
Ki Consulting AB, Box 85, SE-201 20 Malmö, Sweden
---------------------------------------------------------------------------
----------------------------------------------------------------------------

• Next message: Lachniet, Mark: "Example of XSS cookie stealing code?"
• Previous message: Achim Dreyer: "RE: XSS with encrypted cookie?"
• In reply to: Paul Bakker: "RE: Cisco Catalyst 4006 CatOS Password Hash"
• Next in thread: Paul Bakker: "RE: Cisco Catalyst 4006 CatOS Password Hash"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:44 EDT