--On Friday, June 29, 2001 10:00 AM +0200 Eric Vyncke <evynckeat_private> wrote: > As you probably know, for some password (used notably for SNMP, CHAP, > PAP, IKE, ...) there is a protocol need to get those passwords in the > clear. Hence, the obfuscation mechanism will always be reversible. Even > using 3DES will require a hard coded key hidden somewhere in the IOS > code (and a 'simple' reverse engineering will expose this key). > > Of course, suggestions are welcome For CHAP, do you actually need the password in the clear, or do you need the password+realm hash? The latter is far less dangerous. -- Carson
This archive was generated by hypermail 2b30 : Tue Jul 03 2001 - 10:49:15 PDT