Header
Home | Set as homepage | Add to favorites
  Search the Site     » Advanced Search
Sections
Syndication


Blogroll:

||||| ALL Cisco-Network ARTICLES |||||  
CCIE Journey,
The CCIE Journey,

Home : Cisco Computer Networking : Hashing Passwords to Create a Message Digest

Hashing Passwords to Create a Message Digest

Nov 26,2008 by alperen

small font medium font large font
image

Hashing Passwords to Create a Message Digest


The figure shows six steps that are used in this case to authenticate the user, but the password never passes over the network; therefore, even if someone captures all the packets, it doesn't allow him to steal Fred's identity. The clear-text password is configured at the ISP, typically in a AAA server. The user knows the password and types it in. However, rather than sending the password, the PC sends in a message digest. A message digest is the result of running a mathematical function that has two inputs: the password and a random number. To see how it works, compare these points to the points in Figure 17-5:

1.
The router generates a random number and sends it in a CHAP message to the PC.

2.
The PC runs a math function, with the random number and the password typed by the user as input.

3.
The PC sends the results of the function, called a message digest, back to the router.

4.
The router sends the username, the random number, and the message digest to the AAA server.

5.
The AAA server uses the same math that the client used at Step 2, with the same random number, plus the password associated with that username in the AAA user database. The result is another message digest. If the message digest calculated by the AAA server matches the one calculated by the PC, the password that the user typed must be the right one.

6.
The AAA server tells the router that the user is authentic; the router tells the PC, and life goes on.

It seems laborious, but it works quickly, and it works well. Notice that the password never passed through a network connection.

This scheme works well because even if someone has a sniffer or another tool and captures the packets, it doesn't matter. The math function that's used to create the message digest is purposefully chosen so that it's hard to calculate the original password, even knowing both the mathematical function and the random number. And the next time the PC needs to authenticate, the router will send a new random number, causing a new message digest value to be calculated.


111 times read

Related news
» EAP Message Digest 5 (EAP-MD5) and EAP Transport LAN Services (EAP-TLS)
by alperen posted on Jul 18,2009
» Chapter 17
by alperen posted on Nov 26,2008
» Enabling OSPF Authentication
by admin posted on Jul 21,2008
» Authentication Header (AH)
by alperen posted on Sep 24,2009
» Stopping Someone from Using Your License (Password)
by alperen posted on Nov 26,2008
Did you enjoy this article?
1 2 3 4 5
(total 0 votes)

comment Comments (0 posted) 

More Top News
CCSP-Cisco Certified Security Professional
arrow Cisco SAFE Implementation
arrow Preparation Documents
arrow Exam Topics
arrow Skills Required for the Exam
arrow Cisco SAFE Implementation Questions and Answers
arrow Access Control Lists Cisco
arrow Access List Basics
arrow Standard Access Lists
arrow Verifying ACLs
arrow Extended Access Lists
arrow TCP Access Lists
arrow UDP Access Lists
arrow ICMP Access Lists
arrow Named Access Lists
arrow Signature and Alarm Management Review
arrow Signature and Alarm Management Review Questions and Answers
arrow Event Viewer
arrow Managing Alarms
arrow Event Viewer Customization
arrow Preference Settings
arrow Sensor Installation
arrow Connecting to Your Network Sensor Appliance
arrow Sensor Bootstrap
arrow Sensor Installation and Configuration Review
arrow Sensor Installation and Configuration Questions and Answers
arrow Signature and Alarm Management
arrow CIDS Signatures
arrow Signature Series
arrow Signature Implementations
arrow Signature Classes
arrow Signature Types
arrow Signature Severity
Most Popular
Most Commented
Featured Author

alperen

image
<| Cisco Articles | Maximum Learning | All Cisco-Network Study Notes | Privacy Policy |>
If you think you own the material being used without permission, contact alperenmad[at]hotmail.com. material will be removed from the site.