MD5 Hash V Level 7

in CCNA & CCENT
I was watching Chris Bryant's Train Signal videos and he mentions in one of them that level 7 encryption used by the service encryption command is stronger than MD5 hash. I believe that isn't true because an MD5 is 128 bit and one way. It is impossible to reverse engineer it. At least that's what my Security+ studies taught me.
Can anyone confirm this?
I'm an Xpert at nothing apart from remembering useless information that nobody else cares about.
Comments
-
ipSpace Member Posts: 147
If you are referring to type 7 password encryption then you are correct. MD5 is much better.
MD5 cannot be reverse engineered, but there is something called rainbow tables that can make it really easy to hack.
Rainbow table - Wikipedia, the free encyclopedia
Free Rainbow Tables » Distributed Rainbow Table Generation » LM, NTLM, MD5, SHA1, HALFLMCHALL, MSCACHE
My Network & Security Blog with a focus on Fortigate. New post on how to create a fortigate ssl vpn. -
BrizoH Member Posts: 73 ■■■□□□□□□□
Does he really say that? I'd be surprised, the algorithm used for type 7 is very easily reversed -
lrb Member Posts: 526
And here's an even cooler way to grab the type 7 passwords without having a tool to do it:
down-rt(config)#service password-encryption
down-rt(config)#username techexams password techexams.com
down-rt(config)#exit
down-rt#sh run | i username
username techexams password 7 09584B0A11000F13061F4A292429
down-rt#conf t
Enter configuration commands, one per line. End with CNTL/Z.
down-rt(config)#key cha
down-rt(config)#key chain techexams
down-rt(config-keychain)#key 1
down-rt(config-keychain-key)#key
down-rt(config-keychain-key)#key-string 7 09584B0A11000F13061F4A292429
down-rt(config-keychain-key)#end
down-rt#
*Mar 1 00:02:17.371: %SYS-5-CONFIG_I: Configured from console by console
down-rt#sh run | i username
username techexams password 7 09584B0A11000F13061F4A292429
down-rt#sh key c
down-rt#sh key chain
Key-chain techexams:
key 1 -- text "techexams.com"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now] -
BrizoH Member Posts: 73 ■■■□□□□□□□
Nice, I'm stealing a copy of that one -
SdotLow Member Posts: 239
Google - level 7 password crack
IFM - Cisco Password Cracker
Top of the list. Saw the guy do that in the CBT nugget video when describing how useless the encryption is in the grand scheme of things.
In regards to MD5, I thought SHA1 was superior? And I was pretty sure MD5 could be cracked. -
MrXpert Member Posts: 586 ■■■□□□□□□□
Thanks for confirming this. I have heard of rainbow tables. I think also you can go to various password level 7 cracker websites which make the job easy.
I'm an Xpert at nothing apart from remembering useless information that nobody else cares about.
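
Added example, not part of the thread or any poster's code: a small Python audit that scans an IOS configuration for the credential forms discussed above (type 7 from service password-encryption, MD5-based type 5, and cleartext) and lists the lines whose stored value should be treated as disclosed. The sample config is constructed; only the type 7 string comes from the thread, and the function names are hypothetical.

```python
import re

# Constructed sample config. The type 7 string is the one posted in the thread;
# the type 5 hash and the cleartext password are made-up placeholders.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 5 $1$abcd$CONSTRUCTEDplaceholder0000
username techexams password 7 09584B0A11000F13061F4A292429
username lab password 0 lab-cleartext
key chain techexams
 key 1
  key-string 7 09584B0A11000F13061F4A292429
"""

# keyword, optional one-digit type, then the stored value
CRED = re.compile(r"\b(password|secret|key-string)\s+(?:(\d)\s+)?(\S+)")
TYPE7 = re.compile(r"\d{2}(?:[0-9A-Fa-f]{2})+")

def audit(config_text):
    """Return (line_no, keyword, verdict, note) for every credential line."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = CRED.search(line)
        if not m:
            continue
        keyword, ctype, value = m.groups()
        if ctype == "7":
            verdict = "reversible"
            if TYPE7.fullmatch(value):
                # Two decimal digits, then one hex pair per character, so the
                # stored string already reveals the password length.
                note = "plaintext length %d" % ((len(value) - 2) // 2)
            else:
                note = "malformed type 7 string"
        elif ctype == "5":
            verdict, note = "one-way", "MD5-based; strength depends on the password"
        elif ctype in (None, "0"):
            verdict, note = "cleartext", "stored unencrypted"
        else:
            verdict, note = "other", "type %s not assessed here" % ctype
        findings.append((no, keyword, verdict, note))
    return findings

def needs_rotation(findings):
    """Line numbers whose secret should be rotated and stored as a one-way hash."""
    return [no for no, _, verdict, _ in findings
            if verdict in ("reversible", "cleartext")]
```

Run `audit()` over a saved `show running-config` and rotate anything `needs_rotation()` returns, re-entering it with `secret` rather than `password` where the command supports it.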