Thursday, November 16, 2017

HOWTO: Decode PreSharedKeys Juniper SRX

Junos has a great feature.


To decrypt a configured pre-shared-key, you only need to feed the stored hash to the request system decrypt command.

This works great if you have pre-existing ipsec configurations and you misplaced the key or don't want to re-key a VPN tunnel,

or if a security engineer leaves the company and fails to document the PSK for the VPN tunnels.



e.g



A FortiGate, for example, does not have this feature.

So unless your FortiGate is peered with a Linux-based *swan, a Cisco ASA or a Juniper SRX, you have almost zero chance of decoding the shared PSK.

This also makes FortiOS superior at protecting the PSK, since it can't easily be decoded based on just an interception of a FortiOS conf file.

So when passing Juniper SRX cfg files around, you want to redact the PSK values.
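Because the $9$ values are reversible on the box, the safe habit is to scrub them before a config leaves your hands. The script below is an added example, not part of this post or any Juniper tool: it redacts pre-shared-key values in both curly-brace and set-style Junos configs, and then reports any line that still carries a $9$ token (for instance a RADIUS shared secret) so nothing reversible slips through. The configuration fragments, policy names and secret strings are constructed samples; the "## SECRET-DATA" annotation is what Junos prints next to such values in show configuration output.

```python
import re
from typing import List, Tuple

# Constructed sample of a Junos SRX configuration (curly-brace format).
# Secret strings below are invented placeholders, not real device output.
SAMPLE_CONFIG = """\
security {
    ike {
        policy ike-pol-branch {
            mode main;
            proposals ike-prop-aes;
            pre-shared-key ascii-text "$9$CONSTRUCTEDsampleVALUEnotREAL"; ## SECRET-DATA
        }
    }
}
system {
    radius-server {
        192.0.2.10 secret "$9$constructedRADIUSsecretNotReal"; ## SECRET-DATA
    }
}
"""

# The same kind of statement in "show configuration | display set" form (constructed).
SET_STYLE = (
    'set security ike policy ike-pol-hq pre-shared-key ascii-text '
    '"$9$anotherCONSTRUCTEDvalueNotReal"\n'
)

# Group 1 keeps the statement up to the opening quote, group 2 is the value,
# group 3 is the closing quote; works for both ascii-text and hexadecimal keys.
PSK_RE = re.compile(r'(pre-shared-key\s+(?:ascii-text|hexadecimal)\s+")([^"]*)(")')

# Any remaining $9$-obfuscated token: Junos can reverse these, so they are
# as sensitive as the PSK itself. Stop at a quote, whitespace or semicolon
# rather than assuming the exact $9$ alphabet.
OBFUSCATED_RE = re.compile(r'\$9\$[^"\s;]+')


def redact_psks(config: str, placeholder: str = "<REDACTED-PSK>") -> Tuple[str, int]:
    """Replace every pre-shared-key value with a placeholder.

    Returns the redacted text and the number of keys that were replaced,
    so a caller can refuse to ship a file where the count is unexpectedly zero.
    """
    redacted, count = PSK_RE.subn(
        lambda m: m.group(1) + placeholder + m.group(3), config
    )
    return redacted, count


def find_residual_secrets(config: str) -> List[int]:
    """1-based line numbers that still contain a $9$ token.

    Run this on the redacted output: anything reported here is a reversible
    secret the PSK pattern did not cover and needs manual redaction.
    """
    return [
        lineno
        for lineno, line in enumerate(config.splitlines(), start=1)
        if OBFUSCATED_RE.search(line)
    ]


if __name__ == "__main__":
    for label, text in (("curly-brace config", SAMPLE_CONFIG), ("set-style config", SET_STYLE)):
        cleaned, n = redact_psks(text)
        leftovers = find_residual_secrets(cleaned)
        print(f"{label}: redacted {n} PSK(s); lines still holding $9$ tokens: {leftovers}")
        print(cleaned)
```

Run it on a real file by reading the config into a string and passing it to redact_psks; treat a non-empty result from find_residual_secrets as a reason not to share the file yet.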



Ken Felix



NSE ( network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com
     ^      ^
=(  @  @ )=
         o 
        /  \
