1

I have a tough nut to crack. I'm working on hashing passwords for our network switches (because the alternative is plain-text passwords...). For people who would care about this; it's a huawei switch.

The easy part first

If I give Test1234 as password, the switch generates the following string: $1a$+p45S3\h1'$4YZLS]$j&K1cRI+a@}C~("Hu"Bqzq7bc;'T)/r)7$

If we break down the hash we get

  1. $ <= start delimiter
  2. 1a <= unknown scheme to me (I know, 1 (md5), 2b(bcrypt), 5(SHA256) & 6(SHA512))
  3. $
  4. +p45S3\h1' <= the passwords are salted and this is it (high likelihood looking at other methods)
  5. $
  6. 4YZLS]$j&K1cRI+a@}C~("Hu"Bqzq7bc;'T)/r)7 <= which in all likelyhood is something in the lines of some_hash(salt + password), so some_hash(+p45S3\h1' + Test1234). In earlier contacts, huawei told me "it is AES-256 enhanced", which seems a strange statement; also, I don't know "AES-256 enhanced"; even more, the output is always fixed length (total 56 bytes, just the hash is 40 bytes => 320 bits).
  7. $ <= final delimiter

I thought, by the length, it might've been RIPEMD320; but if I convert a resulting RIPEMD320 hash to ASCII I get garbled text, but I really don't know if that would be the right way forward anyway. (probably not because ASCII has all sorts of "strange" characters anyway).

Any insights or help on the matter is more than welcome!

schroeder
  • 123,438
  • 55
  • 284
  • 319
Xabre
  • 111
  • 3
  • "AES-256 enhanced" is most likely something proprietary with a buzzwordy name. I bet it's less secure than md5crypt based just on that phrase. (Especially if the hash itself is AES-based rather than, for example, the output of a normal hash being encrypted using AES with a hard coded key.) – Future Security Nov 16 '18 at 04:41
  • Yeah, I also kinda made that exact statement yesterday :p, the problem with their documentation is, it's almost impossible to understand what it is they expect. Setting a password hash is, as the documentation states it, a valid scenario; assumption: I would expect that I can generate it. In another statement from them, they also claim their switch supports all sorts of hashing methods (SHA-256, SHA-512, ...). Only their support-line, at some point, told me it's "AES-256 enhanced", which might just as well be a misspelled "SHA-256 enhanced" :p I have asked them for clarification...waiting now – Xabre Nov 16 '18 at 05:01
  • While we should have a canonical question to cover "how to identify a hash", we don't. This type of question is off topic because, as you can imagine, we would be flooded with random strings. – schroeder Nov 22 '18 at 13:16
  • Did you note that you missed a delimiter and field? `4YZLS]$j&K1cRI+a@}C~("Hu"Bqzq7bc;'T)/r)7` should be `4YZLS]` and `j&K1cRI+a@}C~("Hu"Bqzq7bc;'T)/r)7` – schroeder Nov 22 '18 at 13:17
  • Hi @Schroeder, I did notice the extra dollar sign, but deemed it irrelevant since it's not in line with the other systems known and 33-bytes for the hash was strange. (not sure what the extra field could mean in this case... perhaps this is their enhanced AES part :p). Sorry for posting an off-topic question, I just tought somebody might be able to see something more. Will check-out this new field anyway, perhaps it is the missing link – Xabre Nov 22 '18 at 14:17
  • I personally think that hash scheme identification - properly researched first and well-phrased - could reasonably be considered to be in scope for the Security SE (or some other future SE). It would be high volume, but it's a legit everyday issue that security professionals encounter in the wild all the time. And there are plenty of other high-volume topics that we grapple with here every day. :) – Royce Williams Nov 22 '18 at 16:25
  • @Xabre if it is a field delimiter, then it has to be considered. – schroeder Nov 22 '18 at 17:12
  • @Xabre, since this is off-topic (I'm seeing schroeder's point), could you create [a hashcat issue](https://github.com/hashcat/hashcat/issues/new), including a couple of additional example strings ('hashcat' and 'password' would be good) instead? Here's [a verbose example of how to do it](https://github.com/hashcat/hashcat/issues/1204) (but you understandably have much less info). – Royce Williams Nov 22 '18 at 17:17
  • Hi, I've received some new info on the matter; the used hash_function is PBKDF2 , the way it is used PBKDF2(salt+password). Looking into how I could now use this new info to generate a password hash :-) – Xabre Nov 23 '18 at 16:26

0 Answers0