COTD: Recover a forgotten key
05-15-2007 06:03 AM
Have you ever tried to remember what that secret key was that you configured for a RADIUS server? What about trying to find out the encryption key?
By default we will hide the sensitive information from view, like this:
Code:
(Greig) #show wlan ssid-profile default | include Key
WEP Key 1 ********
WEP Key 2 N/A
WEP Key 3 N/A
WEP Key 4 N/A
WEP Transmit Key Index 1
(Greig) #
Well, this week's command of the week is "encrypt disable" that will let you view all of the sensitive information stored in the system. You configure it like so:
Code:
(Greig) #configure t
Enter Configuration commands, one per line. End with CNTL/Z
(Greig) (config) #encrypt disable
(Greig) #
And now you can see what that key was:
Code:
(Greig) #show wlan ssid-profile default | include Key
WEP Key 1 12345678901234567890123456
WEP Key 2 N/A
WEP Key 3 N/A
WEP Key 4 N/A
WEP Transmit Key Index 1
(Greig) #
This currently works for ALL sensitive information stored and shown by the switch. You can also use this command to get yourself a copy of the running configuration without having hashed passwords.
Note: for all of the security-sensitive people out there who don't like this, it will be different in 3.2. All of the passwords that we can hash and turn into a one-way hash representative, will from 3.2 be stored internally as the one-way hash. There are certain passwords, however, that we need to have access to in plaintext and so it will not be for all secrets.
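An added example, not part of the original post: a Python check that scans a saved CLI transcript for WEP keys displayed in plaintext, as they are after `encrypt disable`, and masks them before the transcript is stored or shared. The regular expression assumes the output layout quoted in the post; `classify` and `audit_transcript` are illustrative names.

```python
import re

# Matches the "WEP Key N <value>" lines of the output quoted in the post.
# Assumption: other secret fields use different labels and are not covered.
KEY_LINE = re.compile(r"^(\s*WEP Key (\d)\s+)(\S+)\s*$")


def classify(value):
    """Return 'unset', 'masked' or 'exposed' for one displayed key value."""
    if value == "N/A":
        return "unset"
    if set(value) == {"*"}:
        return "masked"
    return "exposed"


def audit_transcript(text):
    """Return (findings, redacted_text) for a saved CLI transcript.

    findings lists (line_number, key_index) for every key shown in
    plaintext; redacted_text has those values replaced with asterisks.
    """
    findings, out = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = KEY_LINE.match(line)
        if m and classify(m.group(3)) == "exposed":
            findings.append((lineno, int(m.group(2))))
            line = m.group(1) + "********"
        out.append(line)
    return findings, "\n".join(out)


# Constructed sample: the masked and unmasked outputs from the post, shortened.
SAMPLE = """\
(Greig) #show wlan ssid-profile default | include Key
WEP Key 1 ********
WEP Key 2 N/A
WEP Transmit Key Index 1
(Greig) #show wlan ssid-profile default | include Key
WEP Key 1 12345678901234567890123456
WEP Key 2 N/A
WEP Transmit Key Index 1
"""

if __name__ == "__main__":
    found, redacted = audit_transcript(SAMPLE)
    for lineno, index in found:
        print(f"line {lineno}: WEP Key {index} is shown in plaintext")
    print(redacted)
```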