The master-password documentation says $ 9 $ format or $ 8 $ format.
Do you know what the specific formats are?
Master password uses $8$ format.
$9$ format (existing format) is used to encrypt secrets like the RADIUS password, IKE preshared keys, and other shared secrets in the Junos OS configuration.
The $9 format employ an obfuscation algorithm to map strings (weak encryption). Encoding involves a header of starting noise, followed by string encoding under essentially a Vigenère cipher.
If you want a strong encryption for your configuration secrets, you can configure a master password. The master password is used to derive an encryption key that is used with AES256-GCM to encrypt configuration secrets. This new encryption method uses the $8$ formatted strings.
The $8$-encrypted passwords have the following format:
Encryption/decryption algorithm to be used. Currently only AES256-GCM is supported.
Hash (prf) algorithm to be used for the PBKDF2 key derivation.
The number of iterations to use for the PBKDF2 hash function. Current iteration-count default is 100. The iteration count slows the hashing count, thus slowing attacker guesses.
Sequence of ASCII64-encoded pseudorandom bytes generated during encryption that are to be used to salt(a random, but known string) the password and input to the PBKDF2 key derivation.
A sequence of ASCII64-encoded pseudorandom bytes generated during encryption that are to be used as initialization vector for the AES256-GCM encryption function.
ASCII64-encoded representation of the tag.
ASCII64-encoded representation of the encrypted password.
Hope this helps.
I have a similler question.
Is "$9$ format" junos term ?
When I googled "$9$ format", but I cannot find general meaning.
In $9$ or $8$, what does the numbers mean ?
The '$9' or '$8' represents the starting string in the encryted password(which is being shown in configuration) and indicate the type of encryption used.
$9 format in Juniper is similar to the type 7 in cisco
Hi, Is there a table for $ 9 format?
$9 is not having a structured format unlike $8. It is encrypted by shifting the alphabets like a Vigenère cipher