Subject: Re: [seg-l] Passwords en Cisco (fwd) Date: Mon, 3 Nov 1997 11:28:30 -0500 From: "We got Food - Fuel - Ice-cold Beer - and X.509 certificates" To: BUGTRAQ@NETSPACE.ORG The Shell script that was posted was originally written by Hobbit (hobbit@avian.org) and is available from ftp://avian.org. The C code I believe originally came from SPHiXe and has been floating around for some time. Yes, they both should work on 11.x. For those who want to save the time here's what cisco is doing (just so you can do a lot of it in your head): Assume the following : Password 7 08204E The encrypted string is 08204E. It must be an even length of digits and the first two digits are used as a base 10 index into the XOR string. The length of the plaintext password is strlen(enc_pw) -2 / 2. In this case 2 chars. 08 is the index into the xor string. 2 is multiplied by 16 (or left shifted 4 times) then the next digit (0) is added to it. [ == 32] 32 XOR xorstring[08] = 'a' Move to the next two digits and repeat - 4 * 16 = 64 64 + 14 (E) = 78 increment the index into the xor string 78 XOR xorstring[08] = 'b' In a couple of days you should be able to download a PalmPilot version of this and a FORTH interpretation with instructions to put it into your OpenBoot prom on SPARCs from the l0pht (www.l0pht.com). Just figured I'd point out where those two pieces of code came from since attribution was lacking in the previous posts. .mudge