I'd probably use it less. Right now, I use it for almost every project to verify cluster security passwords.
I'd probably have to make this more of a last resort in that case and make sure to get sign-off from the customer. On Tue, Sep 26, 2017 at 10:38 AM, Pete Brown <[email protected]> wrote: > I could use some public input regarding the next release of the DRS Backup > Decrypter. In a nutshell, the application will have to be online in order > to decrypt backup sets from newer UCOS versions. > > Last year Cisco started patching DRS with a new algorithm ( > PBEWithHmacSHA1AndDESede) to encrypt the random backup passwords. I > haven't been able to find a .NET implementation of this algorithm. The > only workaround I've come up with is to have the DRS Backup Decrypter make > a call to a Java webservice that can perform the decryption. > > The problems with this approach are pretty obvious. Aside from having to > be online, the encrypted cluster security password and 'EncryptKey' from a > backup set will need to be submitted to a web service that I've written for > decryption. I can publish a public copy of this webservice, but for those > behind corporate proxies (myself included), the code could be made > available to run the service within their own networks. In that case the > DRS Backup Decrypter would be pointed to the internal copy of the > webservice. > > I personally detest utilities that can't operate offline, but it's the > only workaround I can come up with at this point. So my question is this - > would anyone actually use it given the webservice dependency? > > _______________________________________________ > cisco-voip mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/cisco-voip > >
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
