From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Wed Dec 03 2003 - 15:35:24 GMT-3
Scott,
I was just pointing out that the OSPF authentication-key will not work as an
MD5 hash ;-) This is the same reason that the username command with the new
MD5 password option can not be used with CHAP authentication.
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Wednesday, December 03, 2003 9:19 AM
To: 'Brian Dennis'; 'Ashok Verma (ashoverm)'; ccielab@groupstudy.com
Subject: RE: OSPF Authentication
Funny guy,
A hash is used for compared values, but you know that. In the specific
case mentioned, you kinda can't do that. But you know that to.
Should have re-phrased to note that my answer was generic to "encryption
types" as specified by the first sentence? Or would a long disclaimer
at the end of the message assist in teaching a concept versus giving a
specific answer?
;)
How's the studying going?
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
CISSP, JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
-----Original Message-----
From: Brian Dennis [mailto:bdennis@internetworkexpert.com]
Sent: Wednesday, December 03, 2003 11:38 AM
To: 'Scott Morris'; 'Ashok Verma (ashoverm)'; ccielab@groupstudy.com
Subject: RE: OSPF Authentication
Blackhawk,
In regards to OSPF plain text authentication, you stated below that by
using '5' the password is being put in as an MD5 hash. So the question
is if the password is stored as an MD5 hash in the configuration, how
will OSPF be able to reverse the hash so it can send the password across
in clear text?
;-)
Brian Dennis, CCIE #2210 (R&S/ISP-Dial/Security)
bdennis@internetworkexpert.com
Toll Free: 877-224-8987
Direct: 775-745-6404 (Outside the US and Canada)
Internetwork Expert, Inc.
http://www.InternetworkExpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Scott Morris
Sent: Wednesday, December 03, 2003 5:01 AM
To: 'Ashok Verma (ashoverm)'; ccielab@groupstudy.com
Subject: RE: OSPF Authentication
The encryption type is something that should be specified by the router.
YOU should use '0' if you feel the need to type something in there. If
you use '7', you are telling the router that the string you are typing
in is already encrypted with the Cisco-lite encryption. If you use '5',
you ar telling the router that the string you are typing in is already
encrypted as an MD5 hash.
So if you type anything other than '0', you are telling the router that
you are typing in a PRE-encrypted string. This is useful if you are
copying (e.g. cut 'n' paste) configs from another router, but otherwise,
not likely.
HTH,
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
CISSP, JNCIS, et al. IPExpert CCIE Program Manager IPExpert Sr.
Technical Instructor swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Ashok Verma (ashoverm)
Sent: Wednesday, December 03, 2003 3:17 AM
To: ccielab@groupstudy.com
Subject: OSPF Authentication
Hi
I have a question about the OSPF authentication, When we configure
simple clear text authentication by using the " ip ospf
authetication-key <encription type 0-7> <key>.
Which Encrytion type should be used.Sometime this gives problem in
authentication of the the hello between neighbours.
Thanks in advance
Ashok Kumar Verma
CCIP,CCDP,CCNP
Network Consulting Engineer
Customer Advocacy Advanced Service Dep.
Service Provider AS Div.2
Cisco Systems, K.K.Japan.
Tel: +81-3-5324-4583
e-mail: ashoverm@cisco.com
This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:35 GMT-3