Threw this together a few days ago to recover $9$ encrypted Junos
passwords (RADIUS secrets, BGP MD5's, etc.).
It is ported from this Perl library:
http://cpansearch.perl.org/src/KBRINT/Crypt-Juniper-0.02/lib/Crypt/Juniper.pm
to a Python 2.7 script:
https://github.com/mhite/junosdecode
Remember to escape your $'s on the CLI when launching the script:
$ ./junosdecode.py \$9\$U-iqf36A1cSTzRSreXxDik.Tzn/CuBI
junos password decrypter
python version by matt hite
original perl version by kevin brintnall
encrypted version: $9$U-iqf36A1cSTzRSreXxDik.Tzn/CuBI
decrypted version: ju&iper123
Thanks,
-M
_______________________________________________
juniper-nsp mailing list junip...@puck.nether.net
https://puck.nether.net/mailman/listinfo/juniper-nsp
This is a good tool.
Best regards,
---
David
It's interesting to note just how many things are stored in $9$
encrypted format: RADIUS secrets, IS-IS authentication keys, BGP MD5
secrets, etc.
-M
It's really obfuscation, not encryption. These are values that
have to be available in raw form to various software components.
So we have this "unreadable" type that obfuscates the values so
someone looking over your shoulder won't immediately know your
secrets.
In contrast, user passwords are encrypted in a "one way" method
using the normal md5 hash marker ("$1$"). These cannot be
reversed like the $9$ values.
Thanks,
Phil
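Phil's distinction, applied to sanitising a configuration before it is shared (an added example, not part of this thread or of junosdecode). The sample configuration, its secret values and the function names `audit` and `redact` are constructed for illustration.

```python
import re

# Constructed sample configuration; every secret value below is made up.
SAMPLE_CONFIG = '''\
set system root-authentication encrypted-password "$1$abcdefgh$0123456789abcdefghijkl"
set system radius-server 192.0.2.10 secret "$9$CONSTRUCTEDexample1"
set protocols bgp group peers authentication-key "$9$CONSTRUCTEDexample2"
    authentication-key "$9$CONSTRUCTEDexample3"; ## SECRET-DATA
set system host-name lab-router
'''

# Marker -> (kind, reversible?) as described in the thread:
# $9$ is obfuscation that can be undone, $1$ is a one-way md5 hash.
MARKERS = {
    "$9$": ("obfuscated", True),
    "$1$": ("md5 hash", False),
}

# Matches a $9$ or $1$ value, quoted or not, in set-style or curly-style config.
SECRET_RE = re.compile(r'"?(\$[19]\$[^"\s;]+)"?')


def audit(config_text):
    """Return one finding per stored secret, noting whether it is reversible."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        for m in SECRET_RE.finditer(line):
            marker = m.group(1)[:3]
            kind, reversible = MARKERS[marker]
            findings.append({
                "line": lineno,
                "marker": marker,
                "kind": kind,
                "reversible": reversible,
                "context": line[:m.start()].strip(),  # statement owning the secret
            })
    return findings


def redact(config_text, also_hashes=False):
    """Replace reversible $9$ values (and optionally $1$ hashes) with a placeholder."""
    def repl(m):
        reversible = MARKERS[m.group(1)[:3]][1]
        return '"<removed>"' if (reversible or also_hashes) else m.group(0)
    return SECRET_RE.sub(repl, config_text)


if __name__ == "__main__":
    for f in audit(SAMPLE_CONFIG):
        print(f["line"], f["marker"], f["kind"], "reversible" if f["reversible"] else "one-way", "|", f["context"])
    print(redact(SAMPLE_CONFIG))
```
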
Absolutely. Your clarification is appreciated.
-M
Matt Hite [li...@beatmixed.com] wrote:
> On Tue, Mar 20, 2012 at 10:54 AM, Phil Shafer <ph...@juniper.net> wrote:
> > Matt Hite writes:
> >>It's interesting to note just how many things are stored in $9$
> >>encrypted format: RADIUS secrets, IS-IS authentication keys, BGP MD5
> >>secrets, etc.
> >
> > It's really obfuscation, not encryption. These are values that
> > have to be available in raw form to various software components.
> > So we have this "unreadable" type that obfuscates the values so
> > someone looking over your shoulder won't immediately know your
> > secrets.
> >
> > In contrast, user passwords are encrypted in a "one way" method
> > using the normal md5 hash marker ("$1$"). These cannot be
> > reversed like the $9$ values.
>
> Absolutely. Your clarification is appreciated.
>
> -M
--
The language of the totalist environment is characterized by the thought-terminating cliche. The most far-reaching and complex of human problems are compressed into brief, highly reductive, definitive-sounding phrases, easily memorized and easily expressed. These become the start and finish of any ideological analysis. - Robert Jay Lifton