cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
8082
Views
0
Helpful
4
Replies

ASA username password encryption ?? What type of hash is it?

rodsculthorp66
Level 1
Level 1

I am generating configuration files for customer equipment from a perl script and everything works fine, but I do not feel comfortable embedding passwords in plain text. I am expecting that the customer may have to load some of the configs and it does not follow good security practices to leave the passwords un-encrypted.  I have been able to work out the process of hashing passwords fed in from the command line for standard router and switches that use the IOS MD5, and the Type 7 hash used for radius keys, but I have no idea what the crypto method is for the ASA user accounts.  I have been working through several of the known hash types to try and match output to a known input, but since I do not know if the algorithm is static or dynamic, I do not know if I will find a match.

 

Anyone have any insight in to what algorithm is used for the hash?

 

Thanks,

 

Rod

4 Replies 4

David paull
Level 1
Level 1

It's probably PIX-MD5 no salt.

I will try that and let you know.

Marvin Rhoads
Hall of Fame
Hall of Fame

As best as I know, it's a variant of base-64 encoded MD5 hash.

Cisco doesn't publish the method but some folks assert you can recreate the password programmatically. Reference.

I have read through a couple of write-ups on this and one seemed interesting in that it referenced a MD5 has (16 or 32 character maximum, depending on the version of IOS) and a 4 character hash based on the first four characters of the username.  If I get a chance, I will try this, but it is a heck of a lot harder to code in for a script to pass in through the command line.

Review Cisco Networking for a $25 gift card