Understanding ltm monitor password hashes

fubarSUSHI
Altocumulus

Is this normal? I have an ltm monitor with a password associated. When I do a diff from ucs1 vs ucs2 (even though nothing has changed... "I believe") the password hashes are different.

example:

ltm monitor ldab /Common/some-vip

...

password $M$abcde...fghijk== (What type of hash is this and can it be decrypted?)

to

password $M$a1b2c3...d4e5f6==

...

Does the $M$ represent something specific or is it just signifying that it's a "Monitor" password?

What does the "==" represent at the end of the hash?

I read a different DevCentral article where there may be a possibility that "SALT" is deployed in ltm monitors?

1 REPLY

samstep
Cirrocumulus

I have found this F5 Knowledgebase Solution which is likely to be related to the behavior that you are seeing:

SOL16902: Secure Vault encrypted passphrase values for BIG-IP configuration objects no longer match ...

So it states that the difference in encrypted passwords is purely "cosmetic" as even though the encrypted values look different they will get decrypted to the same value and functionality will be preserved.

From v11.5 F5 started to use the Secure Vault Master Key to encrypt ALL passphrases inside the bigip.conf (not just SSL private keys) - there is another F5 solution which talks about the impact of this on UCS files and explains a bit the $M prefix:

https://support.f5.com/kb/en-us/solutions/public/9000/400/sol9420.html

Hope this helps,

Sam
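
An added example, not part of either post and not F5 code: because the reply describes the differing encrypted values as cosmetic, a comparison of two extracted configs can mask every `$M$` value before diffing so that only real changes stand out. The config text and values below are constructed, and treating everything up to the next whitespace as the encrypted value is an assumption.

```python
import difflib
import re

# Assumption: an encrypted value is the "$M$" prefix plus the rest of the token.
VAULT_VALUE = re.compile(r"\$M\$\S+")
MASK = "$M$<masked>"

# Constructed sample configs (not real BIG-IP output).
UCS1_CONF = """\
ltm monitor ldap /Common/some-vip {
    interval 5
    password $M$CONSTRUCTEDVALUEONE==
    username monitor-user
}
"""
UCS2_CONF = """\
ltm monitor ldap /Common/some-vip {
    interval 10
    password $M$CONSTRUCTEDVALUETWO==
    username monitor-user
}
"""


def mask(text):
    """Replace every $M$ encrypted value with a fixed placeholder."""
    return VAULT_VALUE.sub(MASK, text)


def compare(old, new):
    """Return (cosmetic, real): re-encrypted lines and the real diff lines."""
    old_lines, new_lines = old.splitlines(), new.splitlines()
    masked_old = [mask(line) for line in old_lines]
    masked_new = [mask(line) for line in new_lines]
    matcher = difflib.SequenceMatcher(a=masked_old, b=masked_new, autojunk=False)
    cosmetic, real = [], []
    for tag, i1, i2, j1, j2 in matcher.get_opcodes():
        if tag == "equal":
            # Same once masked: any raw difference is only the ciphertext.
            for i, j in zip(range(i1, i2), range(j1, j2)):
                if old_lines[i] != new_lines[j]:
                    cosmetic.append(masked_old[i].strip())
        else:
            real += [f"-{line}" for line in masked_old[i1:i2]]
            real += [f"+{line}" for line in masked_new[j1:j2]]
    return cosmetic, real
```

A line reported as cosmetic only shows that the ciphertext differs; it does not prove the underlying password is unchanged.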