Date: Fri, 20 Jun 2008 12:59:34 +0200 From: "Samuel Moñux" <smonux@...il.com> To: john-users@...ts.openwall.com Subject: NetscreenOS passwords Hello everyone, I have made a little patch for auditing Netscreen OS passwords. It's not very efficient and probably doesn't meet the code quality standards of John the ripper's, but it may be of help to someone, or the seed for a better implementation. I haven't tested it on big endian machines so probably it's not endian-safe. I became intrigued about the format of Netscreen passwords, since it was undocumented, and had clear signs of obfuscation. I did my research decompiling a Java application called NSM (Netscreen Security Manager). Since the bytecode files were not obfuscated, it was very easy to find how the password was generated. After doing this, I found that someone had already done it the hard way, but without publishing his "John the ripper" patch, which seemed an interesting exercise. NetscreenOS passwords are basically raw MD5, where the username and a constant string(":Administration Tools:") are used as the salt. The 128 bits MD5 hash is mapped to characters in the range [A-Za-z0-9+/] in a weird manner: every 16 bits word is splitted in 3 parts of 4bits, 6bits and 6bits. These parts are used as indexes in an array which contains every character in that range. After that, a further obfuscation is performed. The characters of the string "nrcstn"(netscreen without the vowels and reversed) are interpolated in certain positions. The final password looks like this: nMjFM0rdC9iOc+xIFsGEm3LtAeGZhn As I said, I hope it may be of help to someone. It was fun to do the research and the coding. Best regards, Samuel  http://esec.fr.sogeti.com/blog/dotclear/?2008/01/03/23-chiffrement-des-mots-de-passe- netscreen -3-3-analyse-de-la-fonction-de-chiffrement-et-cassage-des-mots-de-passe Content of type "text/html" skipped View attachment "john-1.7.2-netscreen-1.diff.txt" of type "text/plain" (16542 bytes) -- To unsubscribe, e-mail john-users-unsubscribe@...ts.openwall.com and reply to the automated confirmation request that will be sent to you.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.