RADIUS key encryption?

On N-series switches, the key to Ray is, by default, displayed in clear text in the configuration file.

There is a CLI option to specify an encrypted value, but he says that the length of the parameter must be exactly 256 characters. The CLI documentation specifies nor on the type of encryption or how before you encrypt the password.

I tried "SHA256-ing" my key, but it generates only 64 hex (256-bit). When it says 256 characters, I guess that means 256 hex (i.e. 1024 bits)?  I don't know how to generate this value of my key... no guidance?

Thank you!

It's something that we need to get out a new version of firmware to solve. So for now unencrypted is the only option.

Tags: Dell Switches

Similar Questions

  • Repeatable encryption with RSA public key encryption

    Hello

    I have the following problem: I try to encrypt a byte array with an RSA public key encryption and want to get the same byte array encrypted for every call to doFinal().

    Object*.
    Two people (a and b) may share the same secret. Yet they don't trust each other until what they have confirmed that they share the same secret. To check if both share the same secret the following protocol apply (via a communication channel not secure assistance from person c they don't trust either). Also, there is no one which may help to establish trust (i.e. building confidence channels).

    (1) generates the public key / private RSA
    (2) a figure his secret with the RSA public key
    (3) one sends the secret encrypted with its public RSA key for b
    (4) b uses the RSA a public key to encrypt his secret
    (5) in the case of the encrypted secret of a matches the secret encrypted b, then make (6), if a and b do not share the same secret, as they are in conversatzion
    (6) b generates his own public key / private RSA
    (7) b figure (not encrypted) secret with its private key
    (8) b figure his secret (encrypted with its private key), as well as his public key with the public key of a
    (9) b sends his secret (encrypted with its private key) and its public key in a
    (10) one decrypts the secret and b public key with its private key
    (11) one decrypts the secret with the public key of b
    (12) checks if the secret received b acually meets that one knows = > trust established, finishing


    So, I want to achieve is that the following code prints "true":
    byte[] potentialSecret = new byte[]{1, 2, 3, 4, 5};
KeyPairGenerator kpg = KeyPairGenerator.getInstance(RSA);
kpg.initialize(512);
KeyPair kp = kpg.generateKeyPair();
PublicKey key = kp.getPublic();
Cipher c = Cipher.getInstance(RSA);
c.init(Cipher.ENCRYPT_MODE, key);
System.out.println(Arrays.equals(c.doFinal(xy), c.doFinal(xy)));
    I tried to 'tinker' with initialization vectors, but still finished with the exceptions of various type.


    Thank you very much
    Bjoern


    How can PS: btw, I markup code? It is my first assignment in the Oracle forums.

    If your security is based on a secret that can be 8bits then you only 8bits of security. An attacker could send a request with their own key pair with all the data. The other party would return the text key and the encryption algorithm and then after less than 256 RSA cryptographic operations you have the secret (if it's 1 byte). You can then send the request with the correct secret.

    See you soon,.
    Shane

  • Why all these hundreds of iMessage Sign In and key encryption keys?

    Since el Capitan, upgrade of hundreds of iMessage Sign-In and encryption keys are listed. If I decide to delete one of them, a dialog box gives me a terrible warning.

    Are these important, a security feature or just a pain?

    Hello

    Each cat to iMessages you is encrypted.

    The keys are saved so that you can view the cats later if you save them.

    The size of the key file is very small and even total not not worthy to be that barely thereon.

    There are a couple of threads on this topic with some saying that they do not want to keep them now.

    I'm not sure that someone tried to delete them and see if it looks an effects older cats.

    21:09 Wednesday; 24 February 2016

     iMac 2.5 Ghz i5 2011 (Mavericks) 10.9
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro (Snow Leopard 10.6.8) 2 GB
     Mac OS X (10.6.8).
     a few iPhones and an iPad

  • Hu_RSAKeySet RSA public key encryption

    I have a public key and I'm trying to encrypt data with it.  This is my code:

    sb_GlobalCtx globalContext;
hu_GlobalCtxCreateDefault(&globalContext);
hu_RegisterSbg56RSA(globalContext);
hu_RegisterSbg56(globalContext);
hu_RegisterSystemSeed(globalContext);
hu_InitSbg56(globalContext);
sb_Context context = NULL;

unsigned char modChar[2048] = { 0xCA, 0x26, 0xFF, 0x56, 0xBF, 0xBF,
            0x49, 0x5B, 0x94, 0xED, 0x94, 0x6E, 0xBB, 0x7A, 0xD0,
            0x9D, 0xA0, 0x72, 0xE5, 0xD2, 0x96, 0x31, 0x85, 0x41,
            0x78, 0x1C, 0xC9, 0x95, 0xAF, 0x79, 0x62, 0xC4, 0xC2,
            0x8E, 0xA9, 0xAF, 0x08, 0x22, 0xDE, 0x22, 0x48, 0x65,
            0xDA, 0x1D, 0xCA, 0x12, 0x99, 0x42, 0xB3, 0x56, 0xA7,
            0x99, 0xCA, 0x27, 0x7B, 0x2B, 0x45, 0x77, 0x14, 0x5B,
            0xE1, 0x75, 0x04, 0x3D, 0xDB, 0x68, 0x45, 0x46, 0x72,
            0x61, 0x20, 0xA9, 0xA2, 0xD9, 0x50, 0xD0, 0x63, 0x9B,
            0x4E, 0x7B, 0xA4, 0xA4, 0x48, 0xD7, 0xA9, 0x01, 0xD1,
            0x8A, 0x69, 0x78, 0x6C, 0x79, 0xA8, 0x84, 0x39, 0x42,
            0x32, 0xB3, 0xB1, 0x1F, 0x04, 0x4D, 0x06, 0xCA, 0x2C,
            0xD5, 0xA0, 0x45, 0x8D, 0x10, 0x44, 0xD5, 0x73, 0xDF,
            0x89, 0x0C, 0x25, 0x1D, 0xCF, 0xFC, 0xB8, 0x07, 0x6B,
            0x1F, 0xFA, 0xAE, 0x67, 0xF9
    };
uchar mySeed[4];
size_t seedLen = 4;

success = hu_SeedGet(&seedLen, mySeed, globalContext);
sb_RNGCtx rngCtx = NULL;
success = hu_RngCreate(seedLen, mySeed, NULL, NULL, NULL, &rngCtx, globalContext);
sb_Params rsaParams = 0;
success = hu_RSAParamsCreate(size_t(2048), rngCtx, NULL, &(rsaParams), globalContext);
success = hu_RSAKeySet(rsaParams, 0, NULL, (size_t)2048, modChar, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, NULL, &pubKey, globalContext);

    Achieve anything except because when I get to hu_RSAKeySet, it returns SB_ERR_BAD_RSA_N.  I think that my sizes are mixed, but making (size_t) 128 and the size of modChar to 128 do not work either.

    I used this as a guide, but it generates the private and public, I just need the public if I can do hu_RSAPublicEncrypt: https://github.com/blackberry/Cascades-Community-Samples/blob/4749d8105d1136b960784ae451cd78fca5377b...

    Is anyone able to tell me why my module is bad?

    Understand my question, the RSAParamsCreate wants to have the size of the key in BITS that I had trouble backtracking 1024, 2048, so my modChar necessary to the size in BYTES to create a modChar [128] and the params size 1024, and then in the set of keys, I have the size be 128.

  • Windows XP does not recognize the product key that is encrypted to ptfb software

    Win xp works edition overview of ptfb but will not recognize the product key encrypted for the purchased software.

    Hi Gleeb,

    The question you posted would be better suited to PTFB support. Check out the link and ask the question.

    http://www.tlhouse.co.UK/support/index.php?group=PTFB

  • Issue of encryption of RADIUS

    Hello

    I would just check what type of encryption used by saying a Radius Server and a Cisco network device.  References online as the RADIUS only encrypts the password but I can't seem to find any info on what type of encryption.  I am inclined to believe that the password is encrypted using the brightness button before but what type of encryption (3des. aes?)?

    Thanks in advance.

    It uses the MD5 hash.

    http://books.google.com/books?id=f7OJ74ZQXBYC&pg=PA518&lpg=PA518&dq=radius+password+encryption&source=bl&ots=W0Zqau_ffE&sig=I9yuZqpHvJ-oJFKGrqP9leCULBI&hl=en&ei=Gvt1TJi8KIXWtQO5mO2gDQ&sa=X&oi=book_result&ct=result&resnum=5&ved=0CCoQ6AEwBA#v=onepage&q=radius%20password%20encryption&f=false

  • Turn the key to files already encrypted using EFS Microsoft

    Hello

    There is a need for me ' 1) I need to turn the already physical key encrypted using EFS files.

    (2) and I shouldn't keep the certificate on the same database server.

    I got to know on Microsoft EFS with smart card option. But have no idea how to implement it. Please notify.

    Hello Alexis,.

    Thanks for posting your question on the Microsoft community.

    The question will be better suited to the audience of professionals on the TechNet forums.

    I would recommend posting your query in the TechNet forums.

    TechNet Forum
    https://social.technet.Microsoft.com/forums/en-us/home?Forum=w8itprosecurity

    Thank you

  • Encrypt a local backup question

    I connected my iPad to a new laptop computer to save for the first time. I previously backed up to a PC and icloud. On the new laptop on the local backup key Encrypt and I am asked for a password. As far as I know that I didn't put a password like on my PC I do not encrypt. Any ideas as to what I can do, please?

    According to Apple:

    There is no way to recover your information or disable backup encrypted if you lose or forget the password.

    On safeguards encrypted in iTunes - Apple Support

  • Over 2 years factory restore, Windows 8 Gateway fails to validate Windows 8 from the bios encrypted

    Hi all. For two weeks now, I tried to help a veteran 84-year difficulty his virus infected Office Windows 8 Gateway (Walmart) age of 2 years old.

    The poor old man was a PC buyer first time when he bought this PC two years ago & didn't have understand the consequences of not renewing its 60-day trial version antivirus. Therefore after continuing to run his PC online almost two years later, it was badly infected. I went there to help a couple of weeks & he was clearly infected. I installed Malewarebytes, which found more than 2100 malewares & 7 Trojan horses...

    I used the factory at the same time restore within Windows 8 boot, & of course, it works but will not validate Windows 8 once it ends. I even tried to clear cmos without result. He can simply read the product ID key encrypted from the UEFI bios.

    I could go in another (horrible) story about a third out of the seller of the security assistance Acer references on their site, but in reality what good it would do at this point?

    Does anyone have a solution for this?

    Thanks in advance for your time, review, & effort!

    Kind regards

    Frank

    I would try to use the Microsoft phone activation before installing windows 7 (it must define Roop, disable startup secure, sometimes you need to update your BIOS too to have the option of CSM)

    Press Office windows 8:

    the Windows logo key + r

    type

    slui.exe 4

    Press enter

    Choose to activate by phone and follow the instructions on the screen.

  • Do not remember the WPA key. Other computers on the network

    I don't remember my WPA key and reset isn't exactly an option since I have other computers already configured for the existing key. I don't mind reset other computers as well if I knew for sure that it works. However, there is a discrepancy between the length of the WPA key on my Linksys (indicated as asterisks-33) and the length of the WPA key shown on the laptop of my wife (indicated as asterisks-63).

    I am trying to add a Wii to my network. Our router is currently not broadcasting the SSID, but I typed the name of the router in the Wii in any case. (She even will be able to find a network that is not broadcasting its SSID?).

    I also added the Wii MAC address to the list of trusted computers.

    Regarding the password, I considered to change but I'm worried I might spoil my wife configuration.

    When I go into my wireless settings, I see that I use a WPA TKIP encryption which is 33 characters long. However, when I go into the configuration of the network on my wife's computer, she says that his encryption key is 63 characters (WPA - PSK TKIP). Why the keys of different length?

    Is it possible to change the encryption key on the router to something I'd remember? If so, that will enter my wife's computer? Wouldn't make sense that what I typed in the settings wireless of Linksys (33 characters) would be the same as mine rather than 63 characters?

    I'm so confused.

    Any help?

    First, the County of asterisk is meaningless.  Even the number of characters in your password is a secret, so all good programmer who wrote your wireless network card driver shouldn't have a number of astrerisk which corresponds to your password.

    Set your "broadcast SSID" "enabled."  Do you really think someone will lose hundreds (or thousands) of hours of time to break your password, just enter a router WPA?  As long as you use WPA or WPA2 and a password, you shouldn't worry about your SSID broadcast.

    You can use any key (sometimes called password or password) you want, but all the keys (in router and all computers) will be the same.  Ideally you should use a strong password.

    Choose passwords (keys): you should never use a Word from the dictionary as a password. If you use a Word from the dictionary as a password, or WPA2 can be cracked in a few minutes. When you take your login password and key encryption (password or password), you must use a random combination of uppercase letters, lowercase letters and numbers letters, but no spaces. A connection password, must be 12 characters or more. WPA and WPA2 passwords must be less than 24 characters. Note: Your key, password or password should not be a space in it.

    Most individuals should have their routers defined so that "remote management" of the router is disabled. If you must have this option enabled, then your password needs to be increased to a minimum of 24 random characters.

    An additional problem is that Windows XP requires SP3 run WPA2 (WPA with AES =).

  • My Hp Pavilion laptop 2244sa g6 does not come with the product key for windows8. Is this normal?

    Hello

    My Hp Pavilion laptop 2244sa g6 does not come with the product key for windows8. Is this normal? I can't see it anywhere, should I worry?

    Some laptops, like my Envy 17-3002ea loan, have the certificate of authenticity Windows hidden in the compartment where the hard drive and the battery are.  First try.

    Other portable latest and which may include yours, have the Windows license key encrypted in the BIOS.  There is a thread on the Microsoft communities that verifies that. The thread is worth reading.

  • Incompatibility of WEP key

    not serious... I don't want to use WEP to a SSID public, but told me to do.

    Yes... I read every single document of WEP I can find... still can't make it work... wasted so many hours on it!

    the customer is a selectable dual band of Cisco/Linksys AE1000 High Performance Wireless-N USB adapter running on Win7/64.

    so what is the problem with this configuration? The unencrypted key is ABCDEF1234.

    dot11 mbssid
    dot11 syslog
    !
    SSID dot11-4 c
    VLAN 20
    open authentication
    authentication wpa key management
    Guest mode MBSSID dtim-period 75
    WPA - psk ascii 7 107B1E4B5300363E22123E
    !
    dot11 ssid 4-C_Public
    VLAN 30
    open authentication
    Comments-mode
    Guest mode MBSSID dtim-period 75

    nterface Dot11Radio0
    no ip address
    no ip route cache
    !
    VLAN 30 key 3 size 40 bit 7 2D8DA7E84856 transmit encryption keys
    encryption vlan 30 wep40 tkip encryption mode
    !
    SSID 4-C_Public
    !
    gain of antenna 0
    Base speed - basic - basic - basic - 11.0 6.0 5.5 2.0 1.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
    root of station-role
    !
    interface Dot11Radio0.10
    encapsulation dot1Q 10 native
    no ip route cache
    Bridge-Group 1
    Bridge-group subscriber-loop-control 1
    Bridge-Group 1 block-unknown-source
    No source of bridge-Group 1-learning
    unicast bridge-Group 1-floods
    Bridge-Group 1 covering-disabled people
    !
    interface Dot11Radio0.30
    encapsulation dot1Q 30
    no ip route cache
    Bridge-group 30
    Bridge-group subscriber-loop-control 30
    Bridge-group 30 block-unknown-source
    No source of bridge-group 30-learning
    No bridge group 30 unicast-flooding
    Bridge-group 30 covering people with reduced mobility
    !

    Hello

    The ssid of your wpa is vlan 20 and your wep is vlan 30.

    Your encryption config is as follows:

    VLAN 30 key 3 size 40 bit 7 2D8DA7E84856 transmit encryption keys
    encryption vlan 30 wep40 tkip encryption mode

    I would like to replace these lines with:

    VLAN 30 key 3 size 40 bit 7 2D8DA7E84856 transmit encryption keys

    encryption vlan 30 mandatory wep mode

    encryption vlan 20 tkip encryption mode

    'wep40 mode ciphers' is really for wep + dot1x, not static wep. And on top of that, you had both tkip and wep/dot1x on your vlan 30 has no meaning so much to me.

    I hope this helps.

    Nicolas

    ===

    Remember responses of the rate that you find useful

  • Is it possible to send Radius accounting packets with two different servers?

    Hello experts!

    I have dilemma I send info Radius accounting on two different servers for authentication of the dot1x. Here are the relevent config. However the switch just to send a copy on the first server in the server group...

    RADIUS AAA server Acct group
    ACCT-port of the server 172.17.1.1 auth-port 1812 1813
    ACCT-port of the server 172.17.1.2 auth-port 1812 1813

    accounting dot1x default start-stop broadcast group AAA Acct

    RADIUS-server host 172.17.1.1 auth-port 1812 acct-port 1813 key xxxxxx
    RADIUS-server host 172.17.1.2 auth-port 1812 acct-port 1813 key xxxxxx

    Is it possible to send two copies of two different servers? I tried the key word 'issue' in the aaa accounting command, but it does make a difference. What is doing? I can't find it in the manual...

    Thank you!

    Difan

    Difan,

    You must create two aaa server groups to operate. Allows the sending of accounting records to multiple AAA servers.  At the same time returns accounting records the first server in each group. If the first server is unavailable, the failover occurs using servers defined within this group.

    Accounting AAA broadcast configuration
    The following example shows the turn on broadcast accounting using the aaa accounting global command:

    RADIUS AAA server group isp
    Server 1.0.0.1
    Server 1.0.0.2

    AAA isp_customer radius server group
    Server 3.0.0.1

    AAA accounting network default start-stop broadcast group isp group isp_customer

    host server RADIUS 1.0.0.1
    host server RADIUS 1.0.0.2
    Server RADIUS key key1
    RADIUS-server host 3.0.0.1 key2 keys

    The broadcast keyword causes the start and stop accounting for dot1x connections to be sent simultaneously to the 1.0.0.1 group isp server and Server 3.0.0.1 in the isp_customer group. If 1.0.0.1 is unavailable, Server failover 1.0.0.2 occurs. If the 3.0.0.1 server is unavailable, no failover occurs because backup servers are not configured for the isp_customer group.

    Kind regards

    ~ JG

    Note the useful messages

  • Difference on the installation disc and computer product key

    Hello

    Why is the product key on the different installation for Windows 7 Ultimate disc from that on my computer that verifies a genuine copy was installed?  In other words, the product key on the installation disc has a combination of letters and numbers.  However, the product key on my computer that verifies that you have a genuine copy of Windows 7 Ultimate installed has only numbers.

    Thank you in advance.

    MoPete

    The product ID is never really entered into the computer, what you have on the label is a 24-bit coded version which decodes the installation process to form the product ID.

    If you have already built a system by entering the 25 character key, you will see a small break after entering the key. This is the decoding of the key system and then check the type of product with the version of the software being installed.

    Also, be aware that if your system is a large manufacturer and shipped with Windows preinstalled, then the encrypted key can not match the label. If you use a utility such as magic jellybean keyfinder on a system, it can retrieve this key encrypted in the registry. This key is different from the label, because all systems supplied by the manufacturer with a particular version of Windows will have the same key. This avoids having them to enter a key on all of the PCs they do individually and do not have to be authenticated on the line.

  • ISO product key?

    Hello.

    UH... Dv6 - 7267cl running Windows 8.1 ENVY

    LSS: My father-in-law fell for one of these scams of ransom of customer service. Some guy called, convinced him install the remote access software, is made or infecting him not by malware (now makes no difference), and when he refused to pay for them to 'fix' him locked using syskey. I understand that this is a very common scam.

    Point being that I was able to recover his files with a universal adapter for USB hard drive and am trying to re-setting up Windows after a clean install. Problem is when I try to activate it, it requires a product key, that I don't have. I got the link from iso for this thread:

    (Windows Vista, 7 and 8 ISO / Image files download links, where the link is not post)

    It is my understanding from his machine, the product number would suffice. Now, I read more about this thread and see something need to change the iso file before installation in order for this to happen. So, I have to start? Another cost to install? Because if this is the case, it would be nice if some mod could change the OP post to reflect the fact that, if this does not happen to other people.

    Hello:

    If the laptop comes with the W8 (specifications of product indicated for this), you cannot use a detail file install W8 because Microsoft is returned at the time where you must use the same type of installation media that the product key is for.

    For example: W8 OEM must be reinstalled with a set of recovery disks or W8 OEM installation media.

    So... your options as I see them are:

    1. see if you can reset the computer to its factory settings using the Recovery Manager program.

    See info below.

    http://support.HP.com/us-en/document/c03489643

    If method 1 does not work then...

    2. order a set of recovery disc W8 for this model by clicking on the link below and then click to expand the order recovery media line and then click on the blue button more details.

    http://h10025.www1.HP.com/ewfrf/wc/softwareCategory?OS=4132&LC=en&cc=us&DLC=en&sw_lang=&product=5312225

    3. post Hüffer reading on the link below to access a W8 x 64 OEM installation file.  This file should work with the W8 product key encrypted in the BIOS.

    http://h30434.www3.HP.com/T5/notebook-hardware/need-product-key/m-p/2592907#M96681

Maybe you are looking for

  • selection of rows in table

    I know this was asked (I read all the other posts on the same question), but I have no luck with the 'official' way to do it. I'm doing a row of a table (in hot mode) to become selected if you click on one of its cells.  Here is my point: int CVICALL

  • Upgrading RAM for E17 - E5 - 773 G - JA

    Hi guys,. So I recently bought a new laptop, thinking I'll upgrade them over time as I usually do with my gear. Apparently this isn't the best idea when you want (some?) laptops if you do not do your research. The laptop was offered for $600 instead

  • Firefox is better than IE 9?

    I use want ut I.E.9 to know if firefox 4 is better?

  • Provisioning of UNIX users

    HelloI created a policy based access service.I created a user, assigned the user with the role, but when I ran the assessment of user, user account State policies is under preparation.In the log files, I couldn't understand what the real cause of the

  • Several profiles to run at the same time

    I'm under view Planner 3.0. I've always been running one profile to run at a time. It was my assumption that was the only way to do this, run run profiles in series.Anyone know if it is possible to have several profiles of race running at the same ti