ON THIS PAGE
Hardening Shared Secrets in Junos OS
Understanding Hardening Shared Secrets
Existing shared secrets ($9$ format) in Junos OS currently use an obfuscation algorithm, which is not a very strong encryption for configuration secrets. If you want a strong encryption for your configuration secrets, you can configure a master password. The master password is used to derive an encryption key that is used with AES256-GCM to encrypt configuration secrets. This new encryption method uses the $8$ formatted strings.
Starting with Junos OS Release 15.1X49-D50, new CLI commands are introduced to configure a system master password to provide stronger encryption for configuration secrets. The master password encrypts secrets like the RADIUS password, IKE preshared keys, and other shared secrets in the Junos OS management process (mgd) configuration. The master password itself is not saved as part of the configuration. The password quality is evaluated for strength, and the device gives feedback if weak passwords are used.
The master password is used as input to the password based key derivation function (PBKDF2) to generate an encryption key. the key is used as input to the Advanced Encryption Standard in Galois/Counter Mode (AES256-GCM). The plain text that the user enters is processed by the encryption algorithm (with key) to produce the encrypted text (cipher text). See Figure 1
The $8$ configuration secrets can only be shared between devices using the same master password.
The $8$-encrypted passwords have the following format:
$8$crypt-algo$hash-algo$iterations$salt$iv$tag$encrypted. See Table 1 for the master password format details.
Table 1: $8$-encrypted Password Format
Encryption/decryption algorithm to be used. Currently only AES256-GCM is supported.
Hash (prf) algorithm to be used for the PBKDF2 key derivation.
The number of iterations to use for the PBKDF2 hash function. Current iteration-count default is 100. The iteration count slows the hashing count, thus slowing attacker guesses.
Sequence of ASCII64-encoded pseudorandom bytes generated during encryption that are to be used to salt (a random, but known string) the password and input to the PBKDF2 key derivation.
A sequence of ASCII64-encoded pseudorandom bytes generated during encryption that are to be used as initialization vector for the AES256-GCM encryption function.
ASCII64-encoded representation of the tag.
ASCII64-encoded representation of the encrypted password.
The ASCII64 encoding is Base64 (RFC 4648) compatible, except
no padding (character “=”) is used to keep the strings
short. For example: $8$aes256-gcm$hmac-sha2-256$100$y/4YMC4YDLU$fzYDI4jjN6YCyQsYLsaf8A$Ilu4jLcZarD9YnyD
Chassis Cluster Considerations
When defining a chassis cluster on SRX Series devices, be aware of the following restrictions:
For SRX Series devices, first configure the master password on each node, and then build the cluster. The same master password should be configured on each node.
In chassis cluster mode, the master password cannot be deleted.
A change in the master password would mean disruption in chassis clustering; therefore you must change the password on both nodes independently.