Question : Problem: should I leave the "enc_GroupPwd" parameter in .pcf file filled in
Experts, I am configuring connection entries for Cisco VPN client 4.8.1 and am wondering if it is OK to leave the "enc_GroupPwd" parameter filled in on the .pcf file for distribution. Would this be a security risk?
My config looks like this (xxxx means private info):

[main]
Description=XXXXX
Host=XXXXX
AuthType=1
GroupName=XXXXX
GroupPwd=
enc_GroupPwd=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
EnableISPConnect=0
ISPConnectType=1
ISPConnect=
ISPCommand=
Username=
SaveUserPassword=0
UserPassword=
enc_UserPassword=
NTDomain=XXXX
EnableBackup=0
BackupServer=
EnableMSLogon=1
MSLogonType=0
EnableNat=1
TunnelingMode=0
TcpTunnelingPort=XXXXX
CertStore=0
CertName=
CertPath=
CertSubjectName=
CertSerialHash=XXXXX
SendCertChain=0
VerifyCertDN=
DHGroup=2
ForceKeepAlives=0
PeerTimeout=90
EnableLocalLAN=0

Thanks,
Answer : Problem: should I leave the "enc_GroupPwd" parameter in .pcf file filled in
The algorithm is actually flawed and crackable; there are tools available to crack it, so it's pretty easy to crack.

* The current date as a string is retrieved (e.g. Mon Sep 19 20:00:00 2005)
* Then a SHA-1 hash h1 is computed (20 bytes)
* h1 is modified and a new hash h2 is calculated
* h1 is again modified and h3 is calculated
* The 3DES key is made of h2 and the first 4 bytes of h3
* The password is encrypted using 3DES in CBC mode. The IV consists of the first 8 bytes from h1.
* The algorithm computes a last hash h4 from the encrypted password
* The key enc_UserPassword in our profile file now looks like this: h1|h4|encrypted password

But the question is: why would I go to the trouble of trying to crack the password when I can simply import the pcf into a Cisco VPN client and not need to know the password at all to gain access to attempting to log in to the tunnel?
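
An added example (not part of the original answer and not Cisco code): a Python pre-distribution audit that flags populated password fields in a .pcf profile and splits enc_* values into the h1|h4|ciphertext layout described above, without decrypting anything. Hex encoding of the field, SHA-1 for h4, and the sample profile are assumptions constructed for illustration.

```python
import configparser
import hashlib

SHA1_LEN, DES_BLOCK = 20, 8  # SHA-1 digest size, 3DES block size
SECRET_KEYS = ("GroupPwd", "UserPassword", "enc_GroupPwd", "enc_UserPassword")


def split_enc_field(hex_value):
    """Split an enc_* value into (h1, h4, ciphertext). Hex encoding is assumed."""
    raw = bytes.fromhex(hex_value)  # raises ValueError on non-hex input
    h1, h4, ct = raw[:SHA1_LEN], raw[SHA1_LEN:2 * SHA1_LEN], raw[2 * SHA1_LEN:]
    if not ct or len(ct) % DES_BLOCK:
        raise ValueError("ciphertext is not a whole number of 3DES blocks")
    return h1, h4, ct


def audit_pcf(text):
    """Return one finding per populated secret field in a .pcf profile."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # .pcf keys are mixed case; keep them as written
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for key, value in cp.items(section):
            value = value.strip()
            if not value or key not in SECRET_KEYS:
                continue
            finding = {"key": key, "kind": "cleartext"}
            if key.startswith("enc_"):
                try:
                    h1, h4, ct = split_enc_field(value)
                except ValueError as exc:
                    finding.update(kind="malformed", detail=str(exc))
                else:
                    # h1 (key seed and IV per the answer) ships inside the file,
                    # so the field protects nothing once the profile is shared.
                    finding.update(kind="reversible", blocks=len(ct) // DES_BLOCK,
                                   h4_ok=h4 == hashlib.sha1(ct).digest())
            findings.append(finding)
    return findings


def make_sample():
    """Constructed profile; the blob is filler bytes, not a real password."""
    h1 = hashlib.sha1(b"Mon Sep 19 20:00:00 2005").digest()
    ct = bytes(range(16))
    blob = (h1 + hashlib.sha1(ct).digest() + ct).hex().upper()
    return f"[main]\nGroupName=demo\nGroupPwd=\nenc_GroupPwd={blob}\nenc_UserPassword=\n"
```

Any finding of kind "reversible" or "cleartext" means the profile carries the group secret to whoever holds the file, which is the point both posts above turn on.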