[英]How to encode a Cisco Type 8 secret without a cisco device using python
I was wondering if it is possible to generate the hashed secret shown in the CISCO documentation using a python script, without a CISCO device.我想知道是否可以在没有 CISCO 设备的情况下使用 python 脚本生成 CISCO 文档中显示的散列密钥。
https://learningnetwork.cisco.com/s/article/cisco-routers-password-types https://learningnetwork.cisco.com/s/article/cisco-routers-password-types
Example :
R1(config)# username yasser algorithm-type sha256 secret cisco
R1# show running-config | inc username
username yasser secret 8 $8$dsYGNam3K1SIJO$7nv/35M/qr6t.dVc7UY9zrJDWRVqncHub1PE9UlMQFs
The hash values from the linked example can be reproduced if the following is considered in addition to the information given there:如果除了此处提供的信息之外还考虑以下内容,则可以复制链接示例中的 hash 值:
$8$<salt>$<Base64 encoded PBKDF2 hash>
格式为$8$<salt>$<Base64 encoded PBKDF2 hash>
./0-9A-Za-z
as Base64 alphabet ./0-9A-Za-z
为 Base64 字母表While the iteration count is described here , the others are more or less educated guesses (eg ./0-9A-Za-z
is a common variant with the letter .
), which are eventually confirmed by the successful tests.虽然这里描述了迭代计数,但其他或多或少是有根据的猜测(例如./0-9A-Za-z
是带有字母.
的常见变体),最终通过成功的测试得到证实。
A possible Python implementation is:一个可能的 Python 实现是:
import hashlib
import base64
STD_B64_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/'
CISCO_B64_ALPHABET = './0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
TRANS = str.maketrans(STD_B64_ALPHABET, CISCO_B64_ALPHABET)
def b64CiscoEncode(data):
return base64.b64encode(data).decode('ascii').translate(TRANS).rstrip('=')
def type8Hash(salt, password):
return b64CiscoEncode(hashlib.pbkdf2_hmac('sha256', password, salt, 20000))
# $8$mTj4RZG8N9ZDOk$elY/asfm8kD3iDmkBe3hD2r4xcA/0oWS5V3os.O91u.
print(type8Hash(b'mTj4RZG8N9ZDOk', b'cisco')) # elY/asfm8kD3iDmkBe3hD2r4xcA/0oWS5V3os.O91u.
# $8$dsYGNam3K1SIJO$7nv/35M/qr6t.dVc7UY9zrJDWRVqncHub1PE9UlMQFs
print(type8Hash(b'dsYGNam3K1SIJO', b'cisco')) # 7nv/35M/qr6t.dVc7UY9zrJDWRVqncHub1PE9UlMQFs
which successfully reproduces the hashes from the linked example.它成功地重现了链接示例中的哈希值。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.