About Sha1 :

Hi, We have Juniper ex4200 series which was in factory default configuration. I configured the juniper router with our specifc vlan, IPs etc. And of course before configuring anything I set the root password (and committed) as below command: 1. Set system root-authentication encrypted-password nokia. These are software programs that are used to crack user passwords. We already looked at a similar tool in the above example on password strengths. The website www.md5this.com uses a rainbow table to crack passwords. We will now look at some of the commonly used tools. John the Ripper. John the Ripper uses the command prompt to crack passwords. ACX Series,M Series,MX Series,T Series,PTX Series,EX Series,SRX Series. Recovering the Root Password on Routers, Recovering the Root Password on Junos OS with Upgraded FreeBSD, Recovering the Root Password for Junos OS Evolved, Recovering the Root Password on Switches. Hi, We have Juniper ex4200 series which was in factory default configuration. I configured the juniper router with our specifc vlan, IPs etc. And of course before configuring anything I set the root password (and committed) as below command: 1. Set system root-authentication encrypted-password nokia.

Sha-1 is a cryptographic function that takes as input a 2^64 bits maximum length message, and outputs a 160 bits hash, 40 caracters. Sha-1 is an improvement of Sha-0, it was created by the NSA, and improve cryptographic security by increasing the number of operations before a collision (theory says 2^63 operations), however Sha-1 is not considered as secure because 2^63 could be reach pretty easily. It was replaced by Sha-2 (224, 256, 384 and 512 bits), and more recently by Sha-3. Like Md5, Sha-1 is an unilateral function, to decrypt the plaintext behind a hash, you have to confront it to a online database. This website allows you to compare your Sha1 hashes and decrypt it if you're lucky, thanks to our efficient online database. This database contains 15,183,605,161 words, coming from all the wordlists I was able to find online. I then computed for days to enlarge the database and make it really unique, which will help you into Sha1 decryption.
About security, Sha-1 is not considered anymore as a secure hash type. If you still want to use it (and you should instead use Sha-2 functions), you should consider using a salt to make hackers life harder. A salt consist in a string you add to the user password before hashing it. This string could be a random sequence, a timestamp, or anything that will make the password harder to be found.

KB ID 0000940

Problem

Decrypt Type 7 Cisco Passwords

The Internet is full of sites that have something like the tool below, tap your ‘encrypted’ password in and it will reveal the Cisco password.

As you can see I’ve specifically written ‘obfuscated’ above, because the password isn’t actually encrypted at all. All that happens is the Vigenere algorithm is used to obfuscate the password. While tools like the one above are all well and good, your Cisco router will do exactly the same for you, to demonstrate, paste the following into the tool above.

Juniper Encrypted Password Crack 1 0

107D1C09560521580F16693F14082026351C1512

Hopefully you will get the password Sup3rS3cr#tP@ssword.

Your router can also convert that to clear text for you;

So whats the point of these type 7 passwords? Well the only real benefit of them is if someone is looking over your shoulder while you are looking at the config, they can’t see actual passwords in the config.

The passwords in my config are in clear text? That’s because there are three levels of password storage 0 (not encrypted), 7 (weakly encrypted), and (5 strongly encrypted). If you want to convert your config to display them as 7 you need to enter the service password-encryption command;