password for BGP in clear-text in bird.conf file?

Stanislav Datskevich sdatskevich at gmail.com
Sat Apr 25 20:00:06 CEST 2015


There is nothing to discuss: as BIRD needs access to the plain-text
password, best way is to store it in plain-text. If BIRD would encrypt
passwords, in any case it will store key in local filesystem, or it will be
hardcoded in its sources.
Cisco, for example, stores that passwords in so-called "type 7"
passphrases. Go to Google, type "cisco type 7 password decrypt" and volia -
you can easily get password from cisco's running-config: just type
encrypted one into the form.

2015-04-25 20:04 GMT+03:00 Alex Bligh <alex at alex.org.uk>:

>
> On 25 Apr 2015, at 17:25, Christopher Jay Manders <cjmanders at gmail.com>
> wrote:
>
> > It is a security issue to have a password stored in clear-text.
>
> bird needs to obtain the password in plain text.
>
> If bird can decrypt the stored value, so can anything else with file
> permissions
> to read the file.
>
> --
> Alex Bligh
>
>
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20150425/0a288507/attachment.html>


More information about the Bird-users mailing list