You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to that analysis, this is another way to state the algorithm:
In order to calculate the correct MD5 hash, the following method should be used:
(a) Build the OSPF packet as normal, ensuring that the key number and authentication sequence number are populated. The OSPF length field must contain the total number of bytes in the packet at this point. The checksum must be set to zero.
(b) The authentication key / password in plaintext must be adjusted to exactly 16 bytes, i.e. if the key is longer than 16 bytes then it must be truncated, shorter keys must be padded with null (0x00) bytes until 16 bytes long. The resulting 16 byte "modified authentication key" is then appended to the packet.
(c) The MD5 hash must be calculated over the entire result, i.e. the original OSPF packet plus the 16 byte modified authentication key.
(d) The resulting hash is then written over the modified authentication key in the last 16 bytes of the packet.
OSPFv2 MD5 digest auth mode as specified in RFC2328, section D.4.3 (p231)
https://www.ietf.org/rfc/rfc2328.txt
Because the OSPF data itself is used in the hashing, a valid captured OSPF packet is needed.
This implementation claims support (not tested):
https://github.com/theclam/dechap
Related analysis:
https://networkingbodges.blogspot.com/2013/10/offline-attack-on-md5-keys-in-captured.html
According to that analysis, this is another way to state the algorithm:
Thanks to @Chick3nman for the research.
The text was updated successfully, but these errors were encountered: