This is very interesting. Would you please talk more on the section below. There are
infinite numbers between 1 and 2 and 2 and 3. But how does that guarantee uniqueness
of passwords?
"So how does a hash guarantee that many A values
don't result in the same B result? I'll let you figure that out, but here's a hint.
How many numbers are between 1 and 2; and how many between 2 and 3"
---------- Original Message ----------------------------------
From: "Rodgers Moore" <[EMAIL PROTECTED]>
Reply-To: "Rodgers Moore" <[EMAIL PROTECTED]>
Date: Sat, 24 Feb 2001 18:54:12 -0500
>I'd just wanted to tag-on to the hash can't be undone statement. It's not
>always apparent why a hash can't be undone. I know a few people that would
>say the doctor on Star Trek would have no problem putting the frog back
>together. To them it's still in the realm of possible, no matter how hard
>it might be to do.
>
>First let me say that a hash that can be undone, isn't a hash but one-way
>encryption. A proper hash, when undone yields an infinite number of
>answers. Here's a simple example: what's the square root of 4? 2 and -2
>So if your simple hash was to square the original number, to unhash (or
>square root) you get two answers, with no way to tell which is correct or
>original number. You are uncertain of the which answer is right. Now
>expand that concept to an iterative algorithm with multiple stages of
>uncertainty. You can create a new value from an original value, that when
>you try to reverse the mathematics you can get billions of answers and only
>one is correct.
>
>Let's go a little deeper. Use complex numbers so that squaring results in
>a -1, what's the square root of -1? it's undefined So how do you undo
>that? Also, you now have negative and positive numbers being generated,
>what if you engineer the hash algorithm so they can cancel each other?
>Parts of the value(s) in the intermediate steps disappear. The possible
>unhash answers become infinite, since to undo the hash, you have to
>represent these unknowns with variables and it is possible that the number
>of unknowns itself is unknown.
>
>So a hash from A to B is one-to-one, but an unhash of B is infinite. The
>modulus function (remainder of an integer division) is a simple example of
>this relationship. A= 21 A modulus 5 => B=1 If you were able to
>"un"-modulus B the answer is N*5+B, where N is the infinite set of integers.
>Obviously, modulus isn't used as a hash since 6, 11,16, and 21 would all be
>the same valid password. So how does a hash guarantee that many A values
>don't result in the same B result? I'll let you figure that out, but here's
>a hint. How many numbers are between 1 and 2; and how many between 2 and 3?
>
>Sorry for carrying on, and I know I skipped a ton of stuff. I just thought
>some of you might enjoy more detail than a frog in a blender. Which is a
>great description. (and much better than my frog in a salad shooter... :))
>
>Rodgers Moore
>
>""Bradley J. Wilson"" <[EMAIL PROTECTED]> wrote in message
>001501c09e83$8faf2b20$ca01010a@bwilson">news:001501c09e83$8faf2b20$ca01010a@bwilson...
>> Whoops...looks like I've started a new thread here. ;-)
>>
>> Hashing:
>>
>> What's green and red and goes a hundred miles an hour? You guessed it, a
>> frog in a blender. When you "hash" a password, that's essentially what
>> you're doing - putting it in a blender and making something completely
>> different that no one would immediately recognize. And just like our poor
>> frog (nod to PETA there), once it's gone through the blender, we will
>never,
>> ever get a frog back from the goo. It's (theoretically) mathematically
>> impossible to un-hash a hashed password (I know there are programs out
>there
>> that do this, but I'm talking about MD5 hashing - can't be undone in this
>> day and age...but has anyone else been following quantum computing? Scary
>> stuff...).
>>
>> Encryption:
>>
>> In encryption, we're "disguising" our frog to look like something else,
>with
>> the *intention* of removing the disguise at some point and getting our
>> original frog back. The technical term used is "key." We use a public
>key
>> to encrypt, and a private key to decrypt. The point is, we get the
>original
>> thing back in a useable form, and not just a lump of goo.
>>
>> On the Cisco router, we have a command "service password-encryption."
>Well,
>> what we're *really* doing is hashing. We're not using a public key to
>> encrypt - we're hashing the password into an unrecognizeable lump of goo.
>> When the router prompts us for a password, we enter it, and then the
>> password we enter is run through the same blender - the same hashing
>> algorithm. If the result is green and red and going a hundred miles an
>hour
>> (which is what the router is looking for), then we're let in. If the
>result
>> is blue and yellow and going a hundred miles an hour, then it obviously
>> wasn't a frog we put into the blender.
>>
>> Anyone else who wants to jump in, feel free - I am by no means an expert
>on
>> security - this is just how I understand it. :-)
>>
>> Bradley J. Wilson
>> CCNP, CCDP, MCSE, NNCSS, CNX, MCT, CTT
>>
>>
>>
>> ----- Original Message -----
>> From: Nabil Fares
>> To: Bradley J. Wilson
>> Sent: Saturday, February 24, 2001 11:07 AM
>> Subject: RE: LOL
>>
>>
>> Hello brad,
>>
>> Your last sentence caught my eye "the difference between hashing
>> and encryption...", would you mind giving me a brief description or the
>> different between them.
>>
>> Thank you,
>>
>> Nabil
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
>> Bradley J. Wilson
>> Sent: Saturday, February 24, 2001 6:01 AM
>> To: cisco
>> Subject: Re: LOL
>>
>>
>> I find myself sitting here wondering if I could actually say this in my
>> classes...I'm already pushing the envelope I think by using the "Princess
>Di
>> Never Tried to Sleep with Prince Andrew" mnemonic for the OSI Model, and
>one
>> of these days I'm going to have someone from PETA in my class when I use
>the
>> old "frog in a blender" joke when discussing the difference between
>hashing
>> and encryption...
>>
>> Political correctness: it can be your friend, and it can be your enemy.
>>
>> BJ
>>
>>
>> _________________________________
>> FAQ, list archives, and subscription info:
>http://www.groupstudy.com/list/cisco.html
>> Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>>
>
>
>_________________________________
>FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
>Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
