
TACACS server key

brandon5150
Level 1

Ok. I'll go out on a limb here, what is the risk of a compromised tacacs server key? It doesn't seem like all that much. You can use it to try and authenticate a user against the server directly?

Is there a reason that the key is encrypted using Cisco's Type 7 encryption which is easily reversed versus something like MD5 or SHA1 when stored in the router configuration?

2 Replies

Panos Kampanakis
Cisco Employee

As you said, someone having the key could authenticate users against the server, but he could not steal usernames and passwords. It is more of a shared secret between the router and TACACS. Not that it is a pleasant situation for someone to steal it.

Even if it was MD5 it is still susceptible to attacks. Those would be harder than the type 7 encryption.

Not all key features were designed to be obfuscated the same way.

For example, for IKE keys you can even encrypt them with AES, but you cannot do it for OSPF keys.

I hope it clarifies it a little.

PK

Thanks for the reply.

After reading through the RFC I guess since the key is also used for a pad function on the communication, knowing what it is could simplify cryptanalysis of the packet to allow someone to determine usernames and passwords as it crosses the wire.

B
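As an added illustration of the pad function Brandon refers to (example code, not from either poster or from Cisco): this Python reproduces the body obfuscation of RFC 8907 section 4.5, where the shared key is the only input to the MD5-derived keystream that is not visible in the packet header. It shows why key confidentiality protects the wire traffic, not just server-side authentication. All header values, the username and the secret are constructed for the example.

```python
import hashlib
import struct

# Constructed values for illustration only; the thread gives no key or header fields.
VERSION = 0xC0                  # TACACS+ major version 0xC, minor version 0
SEQ_NO = 1                      # first packet of a session is sent by the client
SESSION_ID = 0x12345678         # 4-byte session_id from the packet header
SECRET = b"example-shared-secret"  # stands in for the router/server shared key


def pseudo_pad(session_id: int, key: bytes, version: int, seq_no: int, length: int) -> bytes:
    """Keystream from RFC 8907 section 4.5: MD5_1 = MD5(session_id, key, version, seq_no),
    MD5_n = MD5(session_id, key, version, seq_no, MD5_n-1); chained, then truncated to length."""
    prefix = struct.pack("!I", session_id) + key + bytes([version, seq_no])
    pad, prev = b"", b""
    while len(pad) < length:
        prev = hashlib.md5(prefix + prev).digest()
        pad += prev
    return pad[:length]


def obfuscate(body: bytes, session_id: int, key: bytes, version: int, seq_no: int) -> bytes:
    """XOR the body with the pad. XOR is its own inverse, so the same call deobfuscates."""
    pad = pseudo_pad(session_id, key, version, seq_no, len(body))
    return bytes(b ^ p for b, p in zip(body, pad))


def build_authen_start(user: bytes, port: bytes, rem_addr: bytes, data: bytes = b"") -> bytes:
    """Constructed Authentication START body (RFC 8907 section 5.1):
    action=LOGIN(1), priv_lvl=1, authen_type=ASCII(1), authen_service=LOGIN(1)."""
    fixed = struct.pack("!8B", 1, 1, 1, 1, len(user), len(port), len(rem_addr), len(data))
    return fixed + user + port + rem_addr + data


def demo() -> dict:
    """Show that the key alone separates the wire bytes from the cleartext body."""
    body = build_authen_start(b"brandon", b"tty0", b"10.0.0.1")
    wire = obfuscate(body, SESSION_ID, SECRET, VERSION, SEQ_NO)
    return {
        "body": body,
        "wire": wire,
        # The header fields are visible on the wire; only the key is secret.
        "with_key": obfuscate(wire, SESSION_ID, SECRET, VERSION, SEQ_NO),
        "wrong_key": obfuscate(wire, SESSION_ID, b"not-the-key", VERSION, SEQ_NO),
    }


if __name__ == "__main__":
    r = demo()
    print("username readable with the key:", b"brandon" in r["with_key"])
    print("username readable with a wrong key:", b"brandon" in r["wrong_key"])
```

Because the pad is a per-packet MD5 chain rather than an authenticated cipher, rotating the shared key and restricting who can read the stored configuration are the practical controls this design leaves you.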
