Encryption hash used by FortiOS for local pwd/psk


In these days of heightened security awareness, it makes sense to understand what is protecting your passwords from prying eyes. For anyone that has seen the configuration file of a FortiGate device, you are aware that there are some passwords stored in this plain text file. With the processing power of computers getting faster some people are concerned that if someone can access this string of characters that a password can be decrypted. This information is to help relieve that concern.

The string of characters in place of the password in the configuration file is an encrypted hash of the password. The encryption hash used for admin account passwords is Advanced Encryption Standard (AES). The value that is seen in the configuration file is the Base64 encoded hash value. Any size discrepancy between the actual size and the size that might be expected is probably because the actual size includes a 3-byte value to identify the type of password (four types are supported) and a 12-byte IV.

In the case of the password field in a config user local entry, in the pre-shared key (PSK) field in a config VPN IPsec phase1, and for every other use of password/PSK in FortiOS then the fields are not stored as a hash of the password. Instead, the plain text password is stored. What is seen in the configuration file is an encoded version of the password. The encoding consists of encrypting it with a fixed key using AES (the same that is used in Federal Information Processing Standards (FIPS) mode of the firmware) and then Base64 encoding the result.

There is often no alternative to storing the (DES/AES encoded) plain text password. For example, the PSK in a config VPN IPsec phase1 is defined by IKE to be the key in a keyed-hash message authentication code (HMAC) calculation that is used to derive the actual key that will be used to secure the Internet Key Exchange (IKE) messages. Since neither the PSK or a hash of it are sent on the wire in the IKE handshake it requires that both sides have the plain text PSK. Thus storing a hash of the password is not feasible in that case.

Bruce Davis

Bruce Davis

Technical Writer at Fortinet
Bruce has been working with computers, and related technology, since before the World Wide Web was a thing. He has worked in system and network administration. He has even dabbled in technical support. He has made the switch to technical writing as part of his deep, dark and dastardly plan to make the arcane machinations of IT technology more easily understood by the poor folks who use it. That, and the voices in his head told him it was good idea. Never argue with the voices in your head. People will start to stare.
Bruce Davis

Latest posts by Bruce Davis (see all)

  • Was this helpful?
  • Yes   No