Whoops...looks like I've started a new thread here. ;-)
Hashing:
What's green and red and goes a hundred miles an hour? You guessed it, a
frog in a blender. When you "hash" a password, that's essentially what
you're doing - putting it in a blender and making something completely
different that no one would immediately recognize. And just like our poor
frog (nod to PETA there), once it's gone through the blender, we will never,
ever get a frog back from the goo. It's (theoretically) mathematically
impossible to un-hash a hashed password (I know there are programs out there
that do this, but I'm talking about MD5 hashing - can't be undone in this
day and age...but has anyone else been following quantum computing? Scary
stuff...).
Encryption:
In encryption, we're "disguising" our frog to look like something else, with
the *intention* of removing the disguise at some point and getting our
original frog back. The technical term used is "key." We use a public key
to encrypt, and a private key to decrypt. The point is, we get the original
thing back in a useable form, and not just a lump of goo.
On the Cisco router, we have a command "service password-encryption." Well,
what we're *really* doing is hashing. We're not using a public key to
encrypt - we're hashing the password into an unrecognizeable lump of goo.
When the router prompts us for a password, we enter it, and then the
password we enter is run through the same blender - the same hashing
algorithm. If the result is green and red and going a hundred miles an hour
(which is what the router is looking for), then we're let in. If the result
is blue and yellow and going a hundred miles an hour, then it obviously
wasn't a frog we put into the blender.
Anyone else who wants to jump in, feel free - I am by no means an expert on
security - this is just how I understand it. :-)
Bradley J. Wilson
CCNP, CCDP, MCSE, NNCSS, CNX, MCT, CTT
----- Original Message -----
From: Nabil Fares
To: Bradley J. Wilson
Sent: Saturday, February 24, 2001 11:07 AM
Subject: RE: LOL
Hello brad,
Your last sentence caught my eye "the difference between hashing
and encryption...", would you mind giving me a brief description or the
different between them.
Thank you,
Nabil
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Bradley J. Wilson
Sent: Saturday, February 24, 2001 6:01 AM
To: cisco
Subject: Re: LOL
I find myself sitting here wondering if I could actually say this in my
classes...I'm already pushing the envelope I think by using the "Princess Di
Never Tried to Sleep with Prince Andrew" mnemonic for the OSI Model, and one
of these days I'm going to have someone from PETA in my class when I use the
old "frog in a blender" joke when discussing the difference between hashing
and encryption...
Political correctness: it can be your friend, and it can be your enemy.
BJ
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
