I'd just wanted to tag-on to the hash can't be undone statement. It's not
always apparent why a hash can't be undone. I know a few people that would
say the doctor on Star Trek would have no problem putting the frog back
together. To them it's still in the realm of possible, no matter how hard
it might be to do.
First let me say that a hash that can be undone, isn't a hash but one-way
encryption. A proper hash, when undone yields an infinite number of
answers. Here's a simple example: what's the square root of 4? 2 and -2
So if your simple hash was to square the original number, to unhash (or
square root) you get two answers, with no way to tell which is correct or
original number. You are uncertain of the which answer is right. Now
expand that concept to an iterative algorithm with multiple stages of
uncertainty. You can create a new value from an original value, that when
you try to reverse the mathematics you can get billions of answers and only
one is correct.
Let's go a little deeper. Use complex numbers so that squaring results in
a -1, what's the square root of -1? it's undefined So how do you undo
that? Also, you now have negative and positive numbers being generated,
what if you engineer the hash algorithm so they can cancel each other?
Parts of the value(s) in the intermediate steps disappear. The possible
unhash answers become infinite, since to undo the hash, you have to
represent these unknowns with variables and it is possible that the number
of unknowns itself is unknown.
So a hash from A to B is one-to-one, but an unhash of B is infinite. The
modulus function (remainder of an integer division) is a simple example of
this relationship. A= 21 A modulus 5 => B=1 If you were able to
"un"-modulus B the answer is N*5+B, where N is the infinite set of integers.
Obviously, modulus isn't used as a hash since 6, 11,16, and 21 would all be
the same valid password. So how does a hash guarantee that many A values
don't result in the same B result? I'll let you figure that out, but here's
a hint. How many numbers are between 1 and 2; and how many between 2 and 3?
Sorry for carrying on, and I know I skipped a ton of stuff. I just thought
some of you might enjoy more detail than a frog in a blender. Which is a
great description. (and much better than my frog in a salad shooter... :))
Rodgers Moore
""Bradley J. Wilson"" <[EMAIL PROTECTED]> wrote in message
001501c09e83$8faf2b20$ca01010a@bwilson">news:001501c09e83$8faf2b20$ca01010a@bwilson...
> Whoops...looks like I've started a new thread here. ;-)
>
> Hashing:
>
> What's green and red and goes a hundred miles an hour? You guessed it, a
> frog in a blender. When you "hash" a password, that's essentially what
> you're doing - putting it in a blender and making something completely
> different that no one would immediately recognize. And just like our poor
> frog (nod to PETA there), once it's gone through the blender, we will
never,
> ever get a frog back from the goo. It's (theoretically) mathematically
> impossible to un-hash a hashed password (I know there are programs out
there
> that do this, but I'm talking about MD5 hashing - can't be undone in this
> day and age...but has anyone else been following quantum computing? Scary
> stuff...).
>
> Encryption:
>
> In encryption, we're "disguising" our frog to look like something else,
with
> the *intention* of removing the disguise at some point and getting our
> original frog back. The technical term used is "key." We use a public
key
> to encrypt, and a private key to decrypt. The point is, we get the
original
> thing back in a useable form, and not just a lump of goo.
>
> On the Cisco router, we have a command "service password-encryption."
Well,
> what we're *really* doing is hashing. We're not using a public key to
> encrypt - we're hashing the password into an unrecognizeable lump of goo.
> When the router prompts us for a password, we enter it, and then the
> password we enter is run through the same blender - the same hashing
> algorithm. If the result is green and red and going a hundred miles an
hour
> (which is what the router is looking for), then we're let in. If the
result
> is blue and yellow and going a hundred miles an hour, then it obviously
> wasn't a frog we put into the blender.
>
> Anyone else who wants to jump in, feel free - I am by no means an expert
on
> security - this is just how I understand it. :-)
>
> Bradley J. Wilson
> CCNP, CCDP, MCSE, NNCSS, CNX, MCT, CTT
>
>
>
> ----- Original Message -----
> From: Nabil Fares
> To: Bradley J. Wilson
> Sent: Saturday, February 24, 2001 11:07 AM
> Subject: RE: LOL
>
>
> Hello brad,
>
> Your last sentence caught my eye "the difference between hashing
> and encryption...", would you mind giving me a brief description or the
> different between them.
>
> Thank you,
>
> Nabil
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Bradley J. Wilson
> Sent: Saturday, February 24, 2001 6:01 AM
> To: cisco
> Subject: Re: LOL
>
>
> I find myself sitting here wondering if I could actually say this in my
> classes...I'm already pushing the envelope I think by using the "Princess
Di
> Never Tried to Sleep with Prince Andrew" mnemonic for the OSI Model, and
one
> of these days I'm going to have someone from PETA in my class when I use
the
> old "frog in a blender" joke when discussing the difference between
hashing
> and encryption...
>
> Political correctness: it can be your friend, and it can be your enemy.
>
> BJ
>
>
> _________________________________
> FAQ, list archives, and subscription info:
http://www.groupstudy.com/list/cisco.html
> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
