
My router/access-point Zyxel nwa1123-ac pro stores passwords internally with a custom hashing algorithm. This is the resulting hash for the password "admin":

$4$fmNgdX1E$mjanLAViUqqFtmlNhOl2lfQMpOE7LOeV3uk72A5zp+h8H2rsxFGz/DBA9Bz2BO2gOzqnDuvLNx/xzbDMqTSu3HVY9gvkgefDDHQ4gFur6YQ

I couldn't find any similarities with existing hashing algorithms. There has been some precedent with Zyxel and not so secure password storage: ns3-zyxel

  • What's your question? This looks like a pretty typical password hash using a short random salt section (the `fmNgdX1E`) and a base64 encoded hash. – David Schwartz May 18 '20 at 19:37
  • Does this answer your question? [How to determine what type of encoding/encryption has been used?](https://security.stackexchange.com/questions/3989/how-to-determine-what-type-of-encoding-encryption-has-been-used) – Fire Quacker May 18 '20 at 20:12
  • The question is what the actual hashing algorithm is, and the question is interesting and valid, IMO. The algorithm doesn't appear to be public. Zyxel support isn't interested in disclosing, which may be a bad sign ("don't roll your own hashing algorithm" is a subset of "don't roll your own crypto"): https://businessforum.zyxel.com/discussion/1447/usg-60-and-zywall-110-firmware-4-30-and-4-31-password-must-change-after-change-can-not-log-in/p3 A bit cheeky of them to have just plucked '$4' out of the air as the hash type, too. :) – Royce Williams May 18 '20 at 20:49
  • Couldn't agree more with Royce, this is a case of "security through obscurity", and I'm a bit skeptical about it. – Wolfdale May 20 '20 at 01:32

0 Answers