CCNA Security Exam Tutorial: When It's Good To Add Salt


When you started studying for your CCNA certification exam, one of the very first things you learned was the major difference between the enable password and the enable secret: the enable secret is encrypted by default, whereas the enable password is just sitting there in clear text, waiting to be read!

When you look at the enable secret in a Cisco router configuration, it looks like it would be impossible to guess. After setting the enable secret on this router to the word "security", here's how it appears in the configuration:


enable secret 5 $1$24me$gVFxUOI4gYp0IQbhtH8Rz0

That password has been encrypted by MD5, the Message Digest 5 algorithm. The result of the MD5 algorithm being applied to the password is a 32-character hexadecimal value.

That password is hard to guess, but not terribly hard to crack. Anyone looking over your shoulder would not be able to come up with that password, but there are readily available password-cracking programs that can crack that encryption in a matter of minutes. That's true of any MD5-encrypted password, not just those on Cisco routers.




So what can we do about this? We can add SALT to our MD5.

The salt itself is simply a string of random characters that are added to the encryption process. Salting makes it much more difficult for a hacker to come up with the password; each bit added by the salt process literally makes it twice as difficult for the password to be compromised. A recent Wikipedia entry states that if a password was one of 200,000 words, a 32-bit salt would require 800 trillion hashes for a full-blown brute force attack.
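The effect of a salt on a precomputed lookup table, shown as an added example that is not part of the original article. It assumes a simplified scheme, MD5(salt || password), and a constructed four-word list; it is not the routine a Cisco router runs, and all function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed sample wordlist; the article's scenario uses 200,000 words.
WORDLIST = ["cisco", "router", "security", "password"]

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def build_lookup(words):
    """Digest -> word table, computed once and reusable against every unsalted hash."""
    return {md5_hex(w.encode()): w for w in words}

def store_unsalted(password: str) -> str:
    # Same password always yields the same digest, on every device.
    return md5_hex(password.encode())

def store_salted(password: str, salt=None):
    """Return (salt_hex, digest). Assumed scheme: MD5(salt || password)."""
    if salt is None:
        salt = secrets.token_bytes(4)  # 4 random bytes = 32-bit salt
    return salt.hex(), md5_hex(salt + password.encode())

def verify_salted(candidate: str, salt_hex: str, digest: str) -> bool:
    """Login check: recompute with the stored salt, compare in constant time."""
    recomputed = md5_hex(bytes.fromhex(salt_hex) + candidate.encode())
    return hmac.compare_digest(recomputed, digest)

def table_entries_needed(dictionary_size: int, salt_bits: int) -> int:
    """Each extra salt bit doubles the table a precomputation must cover."""
    return dictionary_size * 2 ** salt_bits

if __name__ == "__main__":
    lookup = build_lookup(WORDLIST)
    print("unsalted digest found in table:", lookup.get(store_unsalted("security")))
    for _ in range(2):  # same password, two records, two different digests
        salt_hex, digest = store_salted("security")
        print(salt_hex, digest, "in table:", digest in lookup)
        print("  legitimate check still passes:", verify_salted("security", salt_hex, digest))
    print("entries for 200,000 words and a 32-bit salt:", table_entries_needed(200_000, 32))
```

The last figure is the product behind the roughly 800 trillion hashes quoted above: 200,000 words multiplied by 2^32 possible salts.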

The actual creation and application of a salt is beyond the scope of the CCNA Security exam, but once you've earned that valuable certification, or maybe while you're preparing for it, do a Google search on "salt md5" and read up on this powerful security tool. In the meantime, look for more CCNA Security tutorials on the site you're on now as well as my website!

By: Chris Bryant, CCIE #12933

Article Directory: http://www.articledashboard.com


Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of CCNA certification tutorials (www.thebryantadvantage.com/), The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages. Visit the blog and website for daily free Cisco certification questions, illustrated tutorials, and free video tutorials! A free 7-part course, "How To Pass The CCNA", is also available. Get free tutorials and video lessons for your CCNA Security (www.thebryantadvantage.com/CCNASecurityCiscoCertification640553IINS.htm), CCNA Voice (www.thebryantadvantage.com/CCNAVoiceCiscoCertification640460IIUCExam.htm), and CCNA Wireless studies!
