RE: Cracking a Netscreen password

From: Lluis Mora (llmora@sentryware.com)
Date: Wed Sep 10 2003 - 14:20:43 EDT


Hi there,

This is my guess at the Netscreen password encryption scheme:

- Looking at the charset in use ("a-zA-Z0-9+/"), it looks like base64-encoded
text.

- The beginning and trailing "n" characters are probably used by Netscreen
to determine whether one of these strings is an actual password (e.g. to
detect badly formatted encrypted passwords when config files are synchronized
between different units).

- Removing both "n" from the beginning and the end leaves us with a 28-byte
base64 string, which decodes to a 21-byte (168-bit) string, the key
length of 3DES encryption, which is unlikely due to two factors:

  * Encrypting a few different passwords shows that the encrypted output
strings share about 40 bits of information (e.g. bits in the same positions
set to the same values), a far from random output - this is why some bytes
in the base64-encoded string are shared amongst all passwords (e.g. the 7th
char is always an "r"), as Marc has pointed out.

  * The length of the ciphertext is independent of the input (the plaintext
password ranges from 0 to 31 characters, but the output always has the same
length), which hints at the use of a hash function. That is, if 3DES were in
use, a 31-character password would mean encrypting at least 248 bits, giving
an output of 4 x 64-bit 3DES blocks (far too much information to hold in 168
bytes).

So, I would say the algorithm is something along these lines:

  encoded_string = base64(hash(plaintext) + randomdata)

This is just a guess, I might be -probably- wrong. Any more ideas anyone?

Cheers,

Lluis

> -----Original Message-----
> From: Marc Ruef [mailto:maru@scip.ch]
> Sent: Monday, 08 September 2003 13:23
> To: mike@genxweb.net
> CC: pen-test@securityfocus.com
> Subject: RE: Cracking a Netscreen password
>
>
> Dear Mike,
> Dear List,
>
> > The netscreen definitely uses a md5 hash on the configs. You can
> > download a md5 brute force tool and let it run on the file.
>
> Hmm, I can't acknowledge this statement.
>
> If I start MDcrack v1.2 on my Windows box with the hash as parameter,
> I'll get an error "A md5 digest must have 16 bytes length (32 ascii
> digits from 0 to F)."
>
> All my passwords have the following structure:
>
> - All of them have a length of 30 chars
> - All of them begin and end with an "n"
> - The 2nd char is always capitalized
> - The 7th char is always an "r"
> - The 13th char is always a "c"
> - The 18th char is always an "s"
> - The 24th char is always an "t"
> - The chars a-z, A-Z and a few special chars (e.g. + and /) are used
>
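The analysis above (strip the "n" markers, base64-decode the 28-character body, then look for character positions and bit positions that are constant across many samples) can be scripted. The following is an added example written for this archive page, not code from Lluis, Marc or Juniper/Netscreen. It contains no real Netscreen password strings: the inputs are constructed at random to have the shape Marc describes (30 characters, leading and trailing "n", a capital in position 2, and "r", "c", "s", "t" fixed at positions 7, 13, 18 and 24), so it reproduces only the shared bits implied by those four fixed characters (24 bits plus the always-zero top bit of the capital), not the roughly 40 shared bits Lluis reports for real output. Function names, the sample generator and the seed are all assumptions of the example.

```python
import base64
import random
from typing import Dict, List

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"

# Marc's fixed characters, as 0-based indexes into the 28-char body
# (1-based positions 7, 13, 18 and 24 of the full 30-char string).
FIXED_BODY_CHARS = {5: "r", 11: "c", 16: "s", 22: "t"}


def make_samples(count: int, seed: int = 1) -> List[str]:
    """CONSTRUCTED sample strings with the shape described in the thread.

    These are random, not real Netscreen output; they only mimic the
    format so the analysis functions below have something to chew on.
    """
    rng = random.Random(seed)
    samples = []
    for _ in range(count):
        body = [rng.choice(B64) for _ in range(28)]
        body[0] = rng.choice(B64[:26])          # 2nd char of the full string is a capital
        for idx, ch in FIXED_BODY_CHARS.items():
            body[idx] = ch
        samples.append("n" + "".join(body) + "n")
    return samples


def strip_markers(s: str) -> str:
    """Remove the leading/trailing 'n' and return the 28-char base64 body."""
    if len(s) != 30 or s[0] != "n" or s[-1] != "n":
        raise ValueError("not a Netscreen-style password string: %r" % s)
    return s[1:-1]


def decode_body(s: str) -> bytes:
    """28 base64 chars are a whole number of 4-char groups: 21 bytes, no padding."""
    return base64.b64decode(strip_markers(s), validate=True)


def bit_stream(blob: bytes) -> List[int]:
    """MSB-first bit list, so bit i belongs to base64 symbol i // 6 of the body."""
    return [(byte >> (7 - j)) & 1 for byte in blob for j in range(8)]


def constant_char_positions(strings: List[str]) -> List[int]:
    """1-based positions whose character is identical in every string."""
    width = len(strings[0])
    return [i + 1 for i in range(width) if len({s[i] for s in strings}) == 1]


def constant_bit_positions(blobs: List[bytes]) -> List[int]:
    """0-based bit indexes (MSB-first) that hold the same value in every blob."""
    streams = [bit_stream(b) for b in blobs]
    nbits = len(streams[0])
    return [i for i in range(nbits) if len({st[i] for st in streams}) == 1]


def analyze(strings: List[str]) -> Dict[str, object]:
    """Run the whole thread's analysis over a set of password strings."""
    blobs = [decode_body(s) for s in strings]
    lengths = {len(b) for b in blobs}
    if len(lengths) != 1:
        raise ValueError("decoded lengths differ: %r" % sorted(lengths))
    const_bits = constant_bit_positions(blobs)
    return {
        "decoded_length": lengths.pop(),           # 21 bytes = 168 bits
        "constant_chars": constant_char_positions(strings),
        "constant_bits": const_bits,
        "constant_bit_count": len(const_bits),
        # which base64 symbols of the body those constant bits fall in
        "constant_symbols": sorted({b // 6 for b in const_bits}),
    }


if __name__ == "__main__":
    result = analyze(make_samples(200, seed=7))
    for key, value in result.items():
        print(key, "=", value)
```

With 200 constructed samples the only constant character positions are 1, 7, 13, 18, 24 and 30, the decoded length is 21 bytes, and the constant bits are exactly the 24 bits of the four fixed symbols plus the top bit of the capital in position 2. Feeding real password strings from a config into `analyze()` instead of `make_samples()` is the check a practitioner would actually want to run before deciding between the "hash plus random data" and "block cipher" hypotheses: a block cipher with a random IV would show no constant bits at all.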




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:39 EDT