SRX

last person joined: yesterday 

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.

  • 1.  Encryption of Pre-shared key in config file

    Posted 02-15-2012 16:32

    Hi,

    I've seen a strange behaviour on the config file of SRX100.

    I have 2 SRX 100 as remote gate.

    On each I enter the command: set security ike policy my_IKE_POL pre-shared-key asci-text mypsk

     

    I commit and it generate: set security ike policy my_IKE_POL pre-shared-key encrypted "$9$blablabla" on device 1

    and set security ike policy my_IKE_POL pre-shared-key encrypted "$9$blobloblo" on device2

     

    Now, if I copy/paste the set security ike policy my_IKE_POL pre-shared-key encrypted "$9$blablabla" on device 2and commt the vpn is still working

     

    How is it possible?

    How are encrypted the pre-shared keys?

     

    Regards

     



  • 2.  RE: Encryption of Pre-shared key in config file

    Posted 02-16-2012 00:07

    Hi

     

    They are doing some sort of scrambling ("vinegret algorithm", AFAIK) to save passwords

    in the configuration. Some randomization is used so the same password will look different

    in the config every time, but anyway $9$ passwords can always be decrypted

     

    http://password-decrypt.com/

     

    Note that $1$ passwords in the config are hashes and can not be decrypted this way.