Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
0
Helpful
1
Replies

scrypt on 3750x

John Hawley
Level 1
Level 1

‎01-14-2014 09:41 AM - edited ‎03-07-2019 05:33 PM

So I see now that the options for hashing passwords now has the scrypt (9) option.  So how do we create a hashed password that the switch will accept?

I found a perl module that can create hashes, but the ones I've created are not acceptable.

#!/usr/bin/perl -w

use Crypt::ScryptKDF qw(scrypt_raw scrypt_hex scrypt_b64);

use strict;

my $password = "cisco";

my $N;                                                                      # CPU/memory cost (has to be power of 2 and >1); DEFAULT: 2^14

my $r;                                                                      # block size parameter; DEFAULT: 8

my $p;                                                                      # parallelization parameter; DEFAULT: 1

my $len;                                                                      # length of derived key (in bytes); DEFAULT: 32

#my $key_base64 = scrypt_b64($password, $N, $r, $p, $len)

my $key_base64 = scrypt_b64($password);

print "$key_base64\n";

exit;

Sample output:

$ ./scrypt_gen.pl

GJMxtei3rED6da5JiQEeNDGsq3EOwqebRpXzRszaM6w=

Thanks,

John

1 person had this problem
Labels:
0 Helpful
1 Reply 1

John Blakley
VIP Alumni
VIP Alumni

‎01-14-2014 09:51 AM

John,

You may be better moving this to the EEM scripting forum. Those guys over there are very versed in scripting. Just to take note though, Base64 encoded strings will not be supported.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swauthen.html#wp1020685

Actually, it looks like the 3750X only supports type 5 cisco proprietary encryption:

(Optional) For

encryption-type

,  only type 5, a Cisco proprietary encryption algorithm, is available. If  you specify an encryption type, you must provide an encrypted  password—an encrypted password that you copy from another switch  configuration.

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card