Fortinet Document Library

Version:

Version:

Version:


Table of Contents

Cookbook

Download PDF
Copy Link

Encryption hash used by FortiOS for local pwd/psk

In these days of heightened security awareness, it makes sense to understand what is protecting your passwords from prying eyes. For anyone that has seen the configuration file of a FortiGate device, you are aware that there are some passwords stored in this plain text file. With the processing power of computers getting faster some people are concerned that if someone can access this string of characters that a password can be decrypted. This information is to help relieve that concern.

The string of characters in place of the password in the configuration file is an encrypted hash of the password. The encryption hash used for admin account passwords is Advanced Encryption Standard (AES). The value that is seen in the configuration file is the Base64 encoded hash value. Any size discrepancy between the actual size and the size that might be expected is probably because the actual size includes a 3-byte value to identify the type of password (four types are supported) and a 12-byte IV.

In the case of the password field in a config user local entry, in the pre-shared key (PSK) field in a config FortiOS then the fields are not stored as a hash of the password. Instead, the plain text password is stored. What is seen in the configuration file is an encoded version of the password. The encoding consists of encrypting it with a fixed key using AES (the same that is used in Federal Information Processing Standards (FIPS) mode of the firmware) and then Base64 encoding the result.

There is often no alternative to storing the (DES/AES encoded) plain text password. For example, the PSK in a config VPN IPsec phase1 is defined by IKE to be the key in a keyed-hash message authentication code (HMAC) calculation that is used to derive the actual key that will be used to secure the Internet Key Exchange (IKE) messages. Since neither the PSK or a hash of it are sent on the wire in the IKE handshake it requires that both sides have the plain text PSK. Thus

Encryption hash used by FortiOS for local pwd/psk

In these days of heightened security awareness, it makes sense to understand what is protecting your passwords from prying eyes. For anyone that has seen the configuration file of a FortiGate device, you are aware that there are some passwords stored in this plain text file. With the processing power of computers getting faster some people are concerned that if someone can access this string of characters that a password can be decrypted. This information is to help relieve that concern.

The string of characters in place of the password in the configuration file is an encrypted hash of the password. The encryption hash used for admin account passwords is Advanced Encryption Standard (AES). The value that is seen in the configuration file is the Base64 encoded hash value. Any size discrepancy between the actual size and the size that might be expected is probably because the actual size includes a 3-byte value to identify the type of password (four types are supported) and a 12-byte IV.

In the case of the password field in a config user local entry, in the pre-shared key (PSK) field in a config FortiOS then the fields are not stored as a hash of the password. Instead, the plain text password is stored. What is seen in the configuration file is an encoded version of the password. The encoding consists of encrypting it with a fixed key using AES (the same that is used in Federal Information Processing Standards (FIPS) mode of the firmware) and then Base64 encoding the result.

There is often no alternative to storing the (DES/AES encoded) plain text password. For example, the PSK in a config VPN IPsec phase1 is defined by IKE to be the key in a keyed-hash message authentication code (HMAC) calculation that is used to derive the actual key that will be used to secure the Internet Key Exchange (IKE) messages. Since neither the PSK or a hash of it are sent on the wire in the IKE handshake it requires that both sides have the plain text PSK. Thus