We're using tacacs for AAA on our network devices, and I'm interested in (and curious about) how our devices are encrypting the passwords device side.

Following the Arista EOS manual, page 139, I'm running:

switch(config)#tacacs-server key 0 cv90jr1

The guide tells me that the corresponding encrypted string is 020512025B0C1D70.

switch(config)#show running-config | grep tacacs
tacacs-server key 7 1306014B5B06167B

Seeing a different encrypted string than the one they mentioned got me curious. So I added the same key ten more times and took a look at the encrypted versions:

tacacs-server key 7 0110105D0B01145E
tacacs-server key 7 070C37151E030B54
tacacs-server key 7 020512025B0C1D70
tacacs-server key 7 1306014B5B06167B
tacacs-server key 7 020512025B0C1D70
tacacs-server key 7 020512025B0C1D70
tacacs-server key 7 0110105D0B01145E
tacacs-server key 7 110A0F5C4718195D
tacacs-server key 7 0007055F54511957
tacacs-server key 7 03074D525605331D

I couldn't find any information about this. I'm particularly interested in the fact that I collided the manual's key three times and have another separate collision in there. Whatever salting they do seems to not have a particularly large input domain.

So how does this get encrypted? If an adversary were to obtain a device's configuration information (say, the output of show running-config), how easy/hard would it be to compute the true tacacs+ key?

Does Cisco IOS work the same way? I do not have a lab Cisco device to experiment with this on, but I'm under the impression that features which Arista didn't think needed to be different are identical between Arista and Cisco.

David Mah

2 Answers

That's a Cisco type 7 encoding. I'd hesitate to call it encryption, as it's an incredibly weak algorithm. To demonstrate, drop any of those encrypted strings into this tool, and it'll give you the secret key immediately.

The variability in the encrypted output does indeed come from a salt of sorts - specifically, tfd;kfoA,.iyewrkldJKD. That string is constant; what varies is the start point - the first two characters of the encrypted string indicate where on the salt to start decrypting.

See here for more information on the specifics of the algorithm's implementation.

Shane Madden
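The scheme Shane describes, as an added Python example that is not code from the post, from Arista or from Cisco: the constant used below is the full, widely published type 7 key string (Shane's answer quotes its first characters), the two-digit prefix is the start offset, and each remaining hex pair is one plaintext byte XORed with the next key character. Because the offset is the only thing that varies, a given key has exactly 16 possible encodings, which is why ten samples in the question produced several collisions.

```python
# Added example: Cisco/Arista "type 7" encode/decode, to illustrate the weakness
# discussed above. Not code from the post or from either vendor.

# The constant every type 7 implementation XORs against (widely documented;
# Shane's answer quotes the leading characters). This is the full 53-char string.
TYPE7_KEY = "dsfd;kfoA,.iyewrkldJKDHSUBsgvca69834ncxv9873254k;fg87"


def type7_decode(encoded: str) -> str:
    """Recover the plaintext from a type 7 string such as '020512025B0C1D70'."""
    offset = int(encoded[:2])            # first two chars: start index into the key
    data = bytes.fromhex(encoded[2:])    # remaining hex pairs: XORed plaintext bytes
    return "".join(
        chr(b ^ ord(TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]))
        for i, b in enumerate(data)
    )


def type7_encode(plaintext: str, offset: int) -> str:
    """Produce the type 7 string for `plaintext` using a given start offset (0-15)."""
    if not 0 <= offset <= 15:
        raise ValueError("type 7 offsets are two decimal digits in the range 0-15")
    body = "".join(
        f"{ord(c) ^ ord(TYPE7_KEY[(offset + i) % len(TYPE7_KEY)]):02X}"
        for i, c in enumerate(plaintext)
    )
    return f"{offset:02d}{body}"


def all_type7_encodings(plaintext: str) -> set:
    """Every string a device can possibly emit for `plaintext`: only 16 of them."""
    return {type7_encode(plaintext, off) for off in range(16)}


# The ten strings the question collected for the same key "cv90jr1" (from the post).
SAMPLES = [
    "0110105D0B01145E", "070C37151E030B54", "020512025B0C1D70",
    "1306014B5B06167B", "020512025B0C1D70", "020512025B0C1D70",
    "0110105D0B01145E", "110A0F5C4718195D", "0007055F54511957",
    "03074D525605331D",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", type7_decode(s))
    print(len(all_type7_encodings("cv90jr1")), "possible encodings in total")
```

Running it shows every one of the ten samples decoding to cv90jr1 and confirms that all ten fall within the 16-element set the encoder can produce, so repeated values are expected rather than surprising.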

Those keys, as Shane mentioned, are hardly encrypted and are commonly recognized as simply a defense against over-the-shoulder viewing of keys and passwords. In fact, if you don't have service password-encryption enabled in a Cisco, the keys will be plaintext.

It's generally recommended that if you need to share this config with someone outside your organization, you remove the keys from the config file along with any other passwords that use type 7.

Eleck