Junos OS


Ask questions and share experiences about Junos OS.
  • 1.  About $ 9 $ format or $ 8 $ format of the master-password documentation

    Posted 09-05-2019 20:06

    The master-password documentation says $ 9 $ format or $ 8 $ format.

    https://www.juniper.net/documentation/en_US/junos/topics/topic-map/master-password-configuration-encryption.html#id-hardening-shared-secrets-in-junos-os

     

    Do you know what the specific formats are?



  • 2.  RE: About $ 9 $ format or $ 8 $ format of the master-password documentation

    Posted 09-05-2019 21:10

    Master password uses $8$ format.

    $9$ format (existing format) is used to encrypt secrets like the RADIUS password, IKE preshared keys, and other shared secrets in the Junos OS configuration.

     



  • 3.  RE: About $ 9 $ format or $ 8 $ format of the master-password documentation

     
    Posted 09-06-2019 12:00

    Hi

    The $9 format employs an obfuscation algorithm to map strings (weak encryption). Encoding involves a header of starting noise, followed by string encoding under essentially a Vigenère cipher.

    If you want strong encryption for your configuration secrets, you can configure a master password. The master password is used to derive an encryption key that is used with AES256-GCM to encrypt configuration secrets. This new encryption method uses $8$-formatted strings.

    The $8$-encrypted passwords have the following format:

    $8$crypt-algo$hash-algo$iterations$salt$iv$tag$encrypted

     

    Field: Description

    crypt-algo: Encryption/decryption algorithm to be used. Currently only AES256-GCM is supported.

    hash-algo: Hash (PRF) algorithm to be used for the PBKDF2 key derivation.

    iterations: The number of iterations to use for the PBKDF2 hash function. The current iteration-count default is 100. The iteration count slows down the hashing, thus slowing attacker guesses.

    salt: Sequence of ASCII64-encoded pseudorandom bytes generated during encryption that are used to salt the password (a random but known string) as input to the PBKDF2 key derivation.

    iv: A sequence of ASCII64-encoded pseudorandom bytes generated during encryption that are used as the initialization vector for the AES256-GCM encryption function.

    tag: ASCII64-encoded representation of the tag.

    encrypted: ASCII64-encoded representation of the encrypted password.

    Hope this helps.



  • 4.  RE: About $ 9 $ format or $ 8 $ format of the master-password documentation

    Posted 09-11-2019 23:15

    Hi all.

    I have a similar question.

    Is "$9$ format" a Junos term?

    When I googled "$9$ format", I could not find a general meaning.

    In $9$ or $8$, what do the numbers mean?

     

    Regards,



  • 5.  RE: About $ 9 $ format or $ 8 $ format of the master-password documentation

     
    Posted 09-12-2019 17:06

    Hi

    The '$9' or '$8' is the starting string of the encrypted password (which is shown in the configuration) and indicates the type of encryption used.

    e.g.:

    "$9$01X/1EyM87s2alK2aZU.mO1R"

    The $9 format in Juniper is similar to type 7 in Cisco.

     

     

    Regards

     



  • 6.  RE: About $ 9 $ format or $ 8 $ format of the master-password documentation

    Posted 09-12-2019 18:24

    Hi, Is there a table for $ 9 format?



  • 7.  RE: About $ 9 $ format or $ 8 $ format of the master-password documentation

     
    Posted 09-13-2019 12:19

    Hi 

    $9 does not have a structured format, unlike $8. It is encrypted by shifting the alphabet like a Vigenère cipher:

    https://en.wikipedia.org/wiki/Vigen%C3%A8re_cipher

     



  • 8.  RE: About $ 9 $ format or $ 8 $ format of the master-password documentation

    Posted 10 days ago

    Are there any more details on the algorithm for computing the $8$ strings? I have tried to generate one to match what we have in our config and I have not been successful. Firstly the salt/iv/tag don't properly decode using base64 because they are not properly padded. I am not sure if padding them gets me the right values or not. It is also possible that Juniper is adding some additional data into the AES256-GCM cipher which means this cannot be computed off box. 

    I am using a bit of Python code like this to try to generate the string:
    import base64
    from Crypto.Cipher import AES
    from Crypto.Hash import SHA512
    from Crypto.Protocol.KDF import PBKDF2
    
    def junos_type8_encrypt(
        master_password: str, password: str, salt: bytes, nonce: bytes, rounds: int
    ):
        # Derive the 32-byte AES-256 key from the master password with PBKDF2-HMAC-SHA512
        encryptionKey = PBKDF2(
            password=master_password,
            salt=salt,
            dkLen=32,
            count=rounds,
            hmac_hash_module=SHA512,
        )
        # Encrypt the secret under AES-256-GCM; the tag authenticates the ciphertext
        cipher = AES.new(key=encryptionKey, mode=AES.MODE_GCM, nonce=nonce)
        cipher_text, tag = cipher.encrypt_and_digest(plaintext=password.encode())
    
        # b64encode emits "=" padding; the on-box salt/iv/tag fields mentioned above do not carry it
        encoded_text = base64.b64encode(cipher_text).decode()
        encoded_tag = base64.b64encode(tag).decode()
        encoded_salt = base64.b64encode(salt).decode()
        encoded_nonce = base64.b64encode(nonce).decode()
        # Assemble the fields in the documented $8$ order: crypt-algo, hash-algo, iterations, salt, iv, tag, encrypted
        return f"$8$aes256-gcm$hmac-sha2-512${rounds}${encoded_salt}${encoded_nonce}${encoded_tag}${encoded_text}"
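A parser and structural validator for the $8$ layout described in reply 3, written here as an added example (not Juniper code and not the code posted above); it also restores the base64 padding that reply 8 reports is missing from the salt/iv/tag fields, and classifies $9$ secrets in a config as reversible obfuscation. The field tokens aes256-gcm and hmac-sha2-512, the sample config lines and all field values are assumptions constructed for the example.

```python
import base64
import re

# Constructed sample (not from a real device): salt "saltsalt", 12 zero bytes as iv, 16 bytes
# of 0x01 as tag, ciphertext "hello"; base64 fields without "=" padding, as reply 8 observed.
SAMPLE_TYPE8 = "$8$aes256-gcm$hmac-sha2-512$100$c2FsdHNhbHQ$AAAAAAAAAAAAAAAA$AQEBAQEBAQEBAQEBAQEBAQ$aGVsbG8"
SAMPLE_CONFIG = f'''\
radius-server 192.0.2.10 secret "$9$01X/1EyM87s2alK2aZU.mO1R"; ## SECRET-DATA
radius-server 192.0.2.11 secret "{SAMPLE_TYPE8}"; ## SECRET-DATA
'''
SECRET_RE = re.compile(r'"(\$[89]\$[^"]*)"')

def b64_unpadded(field: str) -> bytes:
    """Restore the '=' padding the fields lack, then decode the ASCII64 text."""
    return base64.b64decode(field + "=" * (-len(field) % 4))

def parse_type8(secret: str) -> dict:
    """Split $8$crypt-algo$hash-algo$iterations$salt$iv$tag$encrypted into its fields."""
    parts = secret.split("$")  # base64 never contains '$', so splitting on it is safe
    if len(parts) != 9 or parts[:2] != ["", "8"]:
        raise ValueError("not a $8$ string with exactly seven fields")
    _, _, crypt, hash_algo, iters, salt, iv, tag, enc = parts
    if crypt != "aes256-gcm":  # the docs name AES256-GCM as the only supported algorithm
        raise ValueError(f"unsupported crypt-algo {crypt!r}")
    rec = {"crypt_algo": crypt, "hash_algo": hash_algo, "iterations": int(iters),
           "salt": b64_unpadded(salt), "iv": b64_unpadded(iv),
           "tag": b64_unpadded(tag), "encrypted": b64_unpadded(enc)}
    if rec["iterations"] < 1 or len(rec["tag"]) != 16:  # AES-GCM tags are 16 bytes
        raise ValueError("implausible iteration count or tag length")
    return rec

def is_valid_type8(secret: str) -> bool:
    """True when the string is a structurally sound $8$ secret."""
    try:
        parse_type8(secret)
        return True
    except ValueError:  # binascii.Error from bad base64 is a ValueError subclass
        return False

def classify_secrets(config: str) -> list:
    """Label each quoted secret: $9$ is reversible obfuscation, $8$ is master-password AES-256-GCM."""
    found = []
    for match in SECRET_RE.finditer(config):
        secret = match.group(1)
        if secret.startswith("$9$"):
            found.append(("$9$", "reversible obfuscation; set a master-password to re-encrypt as $8$"))
        else:
            found.append(("$8$", "well-formed" if is_valid_type8(secret) else "malformed"))
    return found
```

Running classify_secrets over a saved configuration gives a quick audit of which shared secrets are still stored in the reversible $9$ form.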