too late, the problem has been resolved........

----- Original Message -----
From: Brian Meade
Date: Tuesday, September 26, 2017 4:51 pm
Subject: Re: [cisco-voip] DRS Backup Decrypter Workaround - Need Input
To: Anthony Holloway
Cc: "cisco-voip@puck.nether.net"

> Definitely a good tip.
>
> That does assume you can guess the password. I've had a bunch of customers
> have some random cluster security password they had never heard of.
>
> On Tue, Sep 26, 2017 at 4:24 PM, Anthony Holloway <
> avholloway+cisco-v...@gmail.com> wrote:
>
> > There's an easier (IMO) way to check cluster security passwords.
> >
> > 1) Enter the change password CLI command, and enter the password you have
> >
> > admin:set password user security
> > Please enter the old password: My$3cuR1tyW0rd1
> >
> > 2) Enter the new password as a dictionary word (I like to use banana):
> >
> > Please enter the new password: banana
> > Reenter new password to confirm: banana
> >
> > 3) Say yes to the big scary warning:
> >
> > WARNING:
> > You're handing in your resignation letter at 2:00pm today. Cool?
> >
> > Continue (y/n)? y
> >
> > 4) Get nervous for a minute and second guess your choice to follow some
> > sketchy advice from some stranger online
> >
> > Please wait...
> >
> > 5) Observe the outcome
> >
> > One of two things will now have happened:
> >
> > 1) "The old password did not match." This means that you do not have the
> > cluster security password correct, and you can try again with some other
> > guesses.
> > 2) "BAD PASSWORD: it does not contain enough DIFFERENT characters" This
> > means that your password was correct, and the "banana" you fed it was
> > rotten.
> >
> > There you go. No need to have 3rd party software (not counting an SSH
> > client) to help you anymore.
> >
> >
> > On Tue, Sep 26, 2017 at 9:43 AM Brian Meade wrote:
> >
> >> I'd probably use it less. Right now, I use it for almost every project
> >> to verify cluster security passwords.
> >>
> >> I'd probably have to make this more of a last resort in that case and
> >> make sure to get sign-off from the customer.
> >>
> >> On Tue, Sep 26, 2017 at 10:38 AM, Pete Brown wrote:
> >>
> >>> I could use some public input regarding the next release of the DRS
> >>> Backup Decrypter. In a nutshell, the application will have to be online in
> >>> order to decrypt backup sets from newer UCOS versions.
> >>>
> >>> Last year Cisco started patching DRS with a new algorithm
> >>> (PBEWithHmacSHA1AndDESede) to encrypt the random backup passwords. I
> >>> haven't been able to find a .NET implementation of this algorithm. The
> >>> only workaround I've come up with is to have the DRS Backup Decrypter make
> >>> a call to a Java webservice that can perform the decryption.
> >>>
> >>> The problems with this approach are pretty obvious. Aside from having
> >>> to be online, the encrypted cluster security password and 'EncryptKey' from
> >>> a backup set will need to be submitted to a web service that I've
> >>> written for decryption. I can publish a public copy of this webservice,
> >>> but for those behind corporate proxies (myself included), the code could be
> >>> made available to run the service within their own networks. In that case
> >>> the DRS Backup Decrypter would be pointed to the internal copy of the
> >>> webservice.
> >>>
> >>> I personally detest utilities that can't operate offline, but it's the
> >>> only workaround I can come up with at this point. So my question is this -
> >>> would anyone actually use it given the webservice dependency?
> >>>
> >>> _______________________________________________
> >>> cisco-voip mailing list
> >>> cisco-voip@puck.nether.net
> >>> https://puck.nether.net/mailman/listinfo/cisco-voip
> >>>
> >>>
> >> _______________________________________________
> >> cisco-voip mailing list
> >> cisco-voip@puck.nether.net
> >> https://puck.nether.net/mailman/listinfo/cisco-voip
> >>
> >
>