Feed on

TL;DR it’s SHA1 with no newline

We wanted to create off-line templates for our Netgear SmartManaged switches (which runs a blatant IOS CLI ripoff), but needed a way to generate the encrypted password hash from a given plaintext password:

username test password test
username test password encrypted a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

For the life of me I couldn’t figure out what algorithm they used, it wasn’t an obvious salted hash (lack of $x$saltsalt$ prefix) nor was it the old style Cisco MD5 mechanism. Wasn’t SHA256 either.  It’s 40 characters long, consisting of [a-z0-9] which looked like a hex representation of something. Frantic googling wasn’t helping me, nor the myriad of various password generators.

I was at my wits end and was about to post on r/networking (yay talking to rubber duckies) about it when I decided to go back at the list of algorithms I tried and wondered if we tried SHA1 with no line return like I had seen in some examples. That worked:

bwann@basic76:~$ echo -n "test" | openssl sha1
(stdin)= a94a8fe5ccb19ba61c4c0873d391e987982fbbd3

Leave a Reply