Forum Discussion
AltocumulusUnderstanding ltm monitor password hashes
Is this normal? I have a ltm monitor with a password associated. When I do a diff from ucs1 vs ucs2 (even though nothing has changed... "I believe") the password hashes are different.
example:
ltm monitor ldab /Common/some-vip
...
password $M$abcde...fghijk== (What type of hash is this and can it be decrypted?)
to
password $M$a1b2c3...d4e5f6==
...
Does the $M$ represent something specific or is it just signifying that its a "Monitor" password?
What does the "==" represent at the end of the hash?
I read a different devcentral article where there may be a possibility that "SALT" is deployed in ltm monitors?
1 Reply
samstepCirrocumulus
I have found this F5 Knowledgebase Solution which is likely to be related to the behavior that you are seeing:
So it states that the difference in encrypted passwords is purely "cosmetic" as even though the encrypted values look different they will get decrypted to the same value and functionality will be preserved.
From v11.5 F5 started to use the Secure Vault Master Key to encrypt ALL passphrases inside in the bigip.conf (not just SSL private keys) - there is another F5 solution which talks about the impact of this on UCS files and explains a bit the $M prefix:
https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html
Hope this helps,
Sam
