RE: user <user> secret <password> and CHAP doubt

From: Gustavo Novais (gustavo.novais@novabase.pt)
Date: Mon Jul 25 2005 - 14:15:54 GMT-3


Hello,
I sent an email earlier stating that it was a bug admitted on the tests
maker support forum.

Thank you for your concern anyway

No, it wasn't Internetwork Expert ;) It was the competition...

Thanks

Gustavo

-----Original Message-----
From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
Sent: Monday, July 25, 2005 18:12
To: Gustavo Novais; lab
Subject: RE: user <user> secret <password> and CHAP doubt

Gustavo,

<cco>
        MD5 encryption is a one-way hash function that makes reversal of
an encrypted password impossible, providing strong encryption
protection. Using MD5 encryption, you cannot retrieve clear text
passwords. Thus, MD5 encrypted passwords cannot be used with protocols
that require the clear text password to be retrievable, such as
Challenge Handshake Authentication Protocol (CHAP).
</cco>

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/ft_md5.htm

        This question isn't in the Internetwork Expert lab workbook is
it?

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Gustavo Novais
> Sent: Sunday, July 24, 2005 11:31 AM
> To: lab
> Subject: user <user> secret <password> and CHAP doubt
>
> Hello
>
> I'm doing a lab on which the requirement is that we use CHAP
> authentication, but on one of the involved routers the username for the
> remote must be stored as such you shouldn't be able to decode the
> password from the config.
>
> This points me to user XXX secret pass, which encrypts the pass with
> MD5.
> The thing is, as stated on
>
> http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121newft/121limit/121e/121e8/8e_md5.htm
>
> CHAP doesn't "like" that we store the passwords as MD5, it needs them to
> be on plain text so he can derive its own md5 challenge.
>
> I can turn around the issue by simply not authenticating the remote
> side, thus no need of local username, and then it can be whatever I
> want. But I think this ugly...
>
> this appeared on IPexpert challenge 26, ISDN question.
>
> Any thoughts?
>
> TIA
>
> Gustavo
>
> PS. I can also see what is the hash of the password and use the hash
> instead of the password, and store it as plain text, but this would be
> even uglier...
>
>



This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:31 GMT-3
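
Added example, not part of the original thread: a Python sketch of the CHAP response calculation from RFC 1994, showing why the authenticator must hold the clear-text secret and what the hash-as-password workaround from the PS amounts to. The password, salt and the one_way() helper are constructed for illustration; one_way() is a simplified stand-in and not the IOS "secret" algorithm.

```python
import hashlib
import hmac
import os


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """RFC 1994 CHAP with MD5: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + secret + challenge).digest()


def verify(identifier: int, stored: bytes, challenge: bytes, response: bytes) -> bool:
    """Authenticator side: recompute the response from whatever is stored locally."""
    expected = chap_response(identifier, stored, challenge)
    return hmac.compare_digest(expected, response)


def one_way(password: bytes, salt: bytes = b"constructed-salt") -> bytes:
    """Simplified one-way stored form (assumption; not the IOS algorithm)."""
    return hashlib.md5(salt + password).hexdigest().encode()


def run_demo(identifier: int = 1, challenge: bytes = b"") -> dict:
    challenge = challenge or os.urandom(16)  # fresh challenge per authentication
    password = b"constructed-password"       # sample value, not from the thread
    hashed = one_way(password)
    # The peer knows the real password and answers the challenge with it.
    peer_response = chap_response(identifier, password, challenge)
    return {
        # Clear text stored: the authenticator can recompute the same digest.
        "cleartext_store": verify(identifier, password, challenge, peer_response),
        # Only a one-way hash stored: the password cannot be recovered, so the
        # recomputed digest uses the wrong input and the peer is rejected.
        "hash_only_store": verify(identifier, hashed, challenge, peer_response),
        # PS workaround: both ends configure the hash string as the secret.
        # It authenticates, but the hash is now the password and sits in the
        # config in usable form, so nothing is protected.
        "hash_as_secret": verify(
            identifier, hashed, challenge,
            chap_response(identifier, hashed, challenge),
        ),
    }


if __name__ == "__main__":
    for case, accepted in run_demo().items():
        print(f"{case}: {'accepted' if accepted else 'rejected'}")
```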