SRX

Checksums are an early design just to confirm against transit corruption in communication systems and links.  This is a quick simple verification that the links are correctly communicating data.  You can selectively modify data and keep checksums passing.  But that would not happen by accident in transit.  So the original purpose of the checksum still works to detect link problems.

Hashes are more robust and designed to add security to detect mailicious manipulation of data in transit.  These are security features and constantly evolving as the threat to data access and manipulation increases.

Dear Sir,

any reason why SRX 340 with OS 22 generating hash as hmac-sha  "$8$aes256-gcm$hmac-sha2-256$100$TfNtKvy8tHI$Zab98cIoV+lVAG0+VzVyEw$o//xWmkmKBTCpC8VEzv9/A$XEMe5cW9cmhuxvdMOpg65g"'

instead of "$9$0k     

pls help!

Checksums are an early design just to confirm against transit corruption in communication systems and links.  This is a quick simple verification that the links are correctly communicating data.  You can selectively modify data and keep checksums passing.  But that would not happen by accident in transit.  So the original purpose of the checksum still works to detect link problems.

Hashes are more robust and designed to add security to detect mailicious manipulation of data in transit.  These are security features and constantly evolving as the threat to data access and manipulation increases.

thanks for the reply boss!

is there a command to force SRX to use $9 format hash instead of $8 format? 

------------------------------
ALI ARKAWAZI

Original Message:
Sent: 05-08-2024 11:20
From: ALI ARKAWAZI
Subject: checksum Vs Hash digest

Dear Sir,

any reason why SRX 340 with OS 22 generating hash as hmac-sha  "$8$aes256-gcm$hmac-sha2-256$100$TfNtKvy8tHI$Zab98cIoV+lVAG0+VzVyEw$o//xWmkmKBTCpC8VEzv9/A$XEMe5cW9cmhuxvdMOpg65g"'

instead of "$9$0k     

pls help!

Checksums are an early design just to confirm against transit corruption in communication systems and links.  This is a quick simple verification that the links are correctly communicating data.  You can selectively modify data and keep checksums passing.  But that would not happen by accident in transit.  So the original purpose of the checksum still works to detect link problems.

Hashes are more robust and designed to add security to detect mailicious manipulation of data in transit.  These are security features and constantly evolving as the threat to data access and manipulation increases.

I suspect you'll have to zeroize the system.

thanks for the reply boss!

is there a command to force SRX to use $9 format hash instead of $8 format? 

------------------------------
ALI ARKAWAZI

Original Message:
Sent: 05-08-2024 11:20
From: ALI ARKAWAZI
Subject: checksum Vs Hash digest

Dear Sir,

any reason why SRX 340 with OS 22 generating hash as hmac-sha  "$8$aes256-gcm$hmac-sha2-256$100$TfNtKvy8tHI$Zab98cIoV+lVAG0+VzVyEw$o//xWmkmKBTCpC8VEzv9/A$XEMe5cW9cmhuxvdMOpg65g"'

instead of "$9$0k     

pls help!

Checksums are an early design just to confirm against transit corruption in communication systems and links.  This is a quick simple verification that the links are correctly communicating data.  You can selectively modify data and keep checksums passing.  But that would not happen by accident in transit.  So the original purpose of the checksum still works to detect link problems.

Hashes are more robust and designed to add security to detect mailicious manipulation of data in transit.  These are security features and constantly evolving as the threat to data access and manipulation increases.

Dear Sir,

any reason why SRX 340 with OS 22 generating hash as hmac-sha  "$8$aes256-gcm$hmac-sha2-256$100$TfNtKvy8tHI$Zab98cIoV+lVAG0+VzVyEw$o//xWmkmKBTCpC8VEzv9/A$XEMe5cW9cmhuxvdMOpg65g"'

instead of "$9$0k     

pls help!

Checksums are an early design just to confirm against transit corruption in communication systems and links.  This is a quick simple verification that the links are correctly communicating data.  You can selectively modify data and keep checksums passing.  But that would not happen by accident in transit.  So the original purpose of the checksum still works to detect link problems.

Hashes are more robust and designed to add security to detect mailicious manipulation of data in transit.  These are security features and constantly evolving as the threat to data access and manipulation increases.

Looks like you have a master password configured on the device. Check this out: https://www.juniper.net/documentation/us/en/software/junos/user-access/topics/topic-map/master-password-configuration-encryption.html#id-hardening-shared-secrets-in-junos-os

Dear Sir,

any reason why SRX 340 with OS 22 generating hash as hmac-sha  "$8$aes256-gcm$hmac-sha2-256$100$TfNtKvy8tHI$Zab98cIoV+lVAG0+VzVyEw$o//xWmkmKBTCpC8VEzv9/A$XEMe5cW9cmhuxvdMOpg65g"'

instead of "$9$0k     

pls help!

Checksums are an early design just to confirm against transit corruption in communication systems and links.  This is a quick simple verification that the links are correctly communicating data.  You can selectively modify data and keep checksums passing.  But that would not happen by accident in transit.  So the original purpose of the checksum still works to detect link problems.

Hashes are more robust and designed to add security to detect mailicious manipulation of data in transit.  These are security features and constantly evolving as the threat to data access and manipulation increases.

Checksums are an early design just to confirm against transit corruption in communication systems and links.  This is a quick simple verification that the links are correctly communicating data.  You can selectively modify data and keep checksums passing.  But that would not happen by accident in transit.  So the original purpose of the checksum still works to detect link problems.

Hashes are more robust and designed to add security to detect mailicious manipulation of data in transit.  These are security features and constantly evolving as the threat to data access and manipulation increases.