Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: vpnc: devel

Re: obfuscate passwords

 

 

vpnc devel RSS feed   Index | Next | Previous | View Threaded


borneo.antonio at gmail

Oct 21, 2009, 10:33 AM

Post #1 of 4 (1987 views)
Permalink
Re: obfuscate passwords

Hello Ghat,

the patch in attachment adds a new binary to vpnc, that provides the
functionality you need.
It obfuscates a text accordingly to Cisco encryption.
I have created it reverting the order of deobfuscate().
The obfuscated passwords are accepted by vpnc. Not sure it is really
compatible with Cisco equipments.
The generated password includes a random seed, so you will get
different value if you re-encrypt again and again

example:
$ ./cisco-encrypt antonio
DE1F49A6B8FA0A1CD7F1E82977BCA7743C2A84602ABE10FA9130CCDD88613CD733A08AE487A7DC399144FCC93D41654321F6FE54AB1B6DD0
$ ./cisco-encrypt antonio
E5B17B3ED636E986C34F115E314403E887BCA648367EEB5A2A057CEEA1A62BE1C39A391143136BDBB57F14B0B49A0299438A01F17D9DDBF8
$ ./cisco-decrypt
DE1F49A6B8FA0A1CD7F1E82977BCA7743C2A84602ABE10FA9130CCDD88613CD733A08AE487A7DC399144FCC93D41654321F6FE54AB1B6DD0
antonio
$ ./cisco-decrypt
E5B17B3ED636E986C34F115E314403E887BCA648367EEB5A2A057CEEA1A62BE1C39A391143136BDBB57F14B0B49A0299438A01F17D9DDBF8
antonio

The code still needs some clean-up. For the moment I'm not going to
commit it in svn.
Anybody else thinks this is an interesting to have feature?

Best Regards,
Antonio Borneo


On Fri, Sep 4, 2009 at 12:23 AM, Ghat wrote:
> <snip>
>
> My question is... in my current vpnc config I am using
>
> IPSec secret _plain_text_passwd_
>
> <snip>
>
> I hence wanted to convert that statement to
>
> (configfile only option)
> your password (obfuscated)
> conf-variable: Xauth obfuscated password <hex string>
>
> <snip>
>
> I have however no clue as to how to "encrypt" the passwd to hex...
> I do see that there is a cisco-decrypt, but there is no cisco-encrypt and/or
> I am not sure how this is to work
> with nortel-contivity...
Attachments: patch_obfuscate.diff (4.43 KB)


michael+vpnc at stapelberg

Oct 21, 2009, 11:20 AM

Post #2 of 4 (1901 views)
Permalink
Re: obfuscate passwords [In reply to]

Hi Antonio,

Excerpts from Antonio Borneo's message of Mi Okt 21 19:33:12 +0200 2009:
> the patch in attachment adds a new binary to vpnc, that provides the
> functionality you need.
> It obfuscates a text accordingly to Cisco encryption.
> I have created it reverting the order of deobfuscate().
I have already created such a patch in May 2009, but I directly sent it
to Maurice, who does not seem to have any interest in merging it. Just
for your information, and for maybe taking the best out of both, I
attached it to this mail.

Best regards,
Michael
Attachments: encrypt.patch (8.36 KB)


borneo.antonio at gmail

Oct 21, 2009, 7:21 PM

Post #3 of 4 (1901 views)
Permalink
Re: obfuscate passwords [In reply to]

Hi Michael,
have to say that your implementation is much cleaner than mine.

Does it make sense adding this tool to vpnc?

Best Regards,
Antonio Borneo

On Thu, Oct 22, 2009 at 2:20 AM, Michael Stapelberg
<michael+vpnc [at] stapelberg> wrote:
> Hi Antonio,
>
> Excerpts from Antonio Borneo's message of Mi Okt 21 19:33:12 +0200 2009:
>> the patch in attachment adds a new binary to vpnc, that provides the
>> functionality you need.
>> It obfuscates a text accordingly to Cisco encryption.
>> I have created it reverting the order of deobfuscate().
> I have already created such a patch in May 2009, but I directly sent it
> to Maurice, who does not seem to have any interest in merging it. Just
> for your information, and for maybe taking the best out of both, I
> attached it to this mail.
>
> Best regards,
> Michael
_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/


michael+vpnc at stapelberg

Oct 22, 2009, 3:30 AM

Post #4 of 4 (1897 views)
Permalink
Re: obfuscate passwords [In reply to]

Hi,

Excerpts from Antonio Borneo's message of Do Okt 22 04:21:40 +0200 2009:
> have to say that your implementation is much cleaner than mine.
Thanks ;-).

> Does it make sense adding this tool to vpnc?
I think so, yes.

Best regards,
Michael
_______________________________________________
vpnc-devel mailing list
vpnc-devel [at] unix-ag
https://lists.unix-ag.uni-kl.de/mailman/listinfo/vpnc-devel
http://www.unix-ag.uni-kl.de/~massar/vpnc/

vpnc devel RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.