Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <3eb4874cd3500ee01493231a35d2ed89@smtp.hushmail.com>
Date: Fri, 12 Apr 2013 20:42:45 +0200
From: magnum <john.magnum@...hmail.com>
To: john-users@...ts.openwall.com
Subject: Re: Cisco ACS username:  hash or crypt or....   and de-encoding?

On 12 Apr, 2013, at 19:38 , Leif Sawyer <lsawyer@....com> wrote:

> I looked through the archives but didn't see anything related...
> 
> For Cisco ACS 5, in the CLI administration, a "repository" is defined for the system
> to pull or push backups and patches.
> 
> Part of the repo definition is an optional username and password (for ftp, say),
> and is defined thusly:
> 
> ACS(config)#  repository test-ftp
> ACS(config-repository)#   user TestUser password plain abc123
> 
> which looks like this afterward:
> 
> ACS(config)# do sho run | include TestUser
>  user Testuser password hash 0c5eadecc96d64ebe2b9e1d3b636d6053e3898bb
> 
> I noted that Cisco calls it a 'hash'  -- but since it needs to be cleartext for the ftp process to use it,
> wouldn't this be a misnomer?

I think so.

> In any case,  here's a handful of different  passwords and hashes, in case somebody can
> do something with it:

I think we need these cases as well:

a) two different usernames but with same password
b) two different passwords but with same username

magnum

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.