Knowledge Search


×
 

Are the passwords in ScreenOS hashed or encrypted?

  [KB4950] Show Article Properties


Summary:
Are the passwords in ScreenOS hashed or encrypted?
Symptoms:
encypted passwords Authentication User PPPoE NTP hash-password
Solution:

User passwords in ScreenOS 5.0.0 and higher (as well as 4.0.3 and higher) use irreversible SHA-1 hash.

Example:
set user "u1" hash-password "026N5uYMZC0GWWENS5wHyVC2Ki184wI/fKFH4="

Note: The hashed password is different each time the password is set (even if the same password is set).

 

PPPoE and NTP passwords in ScreenOS 5.0.0 and higher use AES reversible encryption.

Example: From the CLI, if you enter the command "set pppoe user u1 password u1", the password will be converted to the following:

set pppoe name "untrust" username "u1" password "0hAETE8aNfRiCVsTOwCjfo/SyAnYNtmaKg=="

Note: The encrypted password length depends on the length of the original clear text password. The encrypted password is different each time the password is set (even if the same password is set).


Related Links: