04-01-2005 09:04 AM - edited 03-02-2019 10:20 PM
hi everyone
A problem about authentication of OSPF have puzzled me for a long time ,it is that the AuthTpye 2 which use the MD5 algorithm is better than the simple password,but in the OSPF packets,the hash numbers don't change.If there are some OSPF routers and a host implementing sniffer software on a same LAN,the hash number will be captured.And someone can cheat the routers on the LAN with forged packets.
It seems that the authenticatin of OSPF doesn't work,but i don't believe it,i hope someone can help me,thx!
p.s im not a native speaker,sorry for bad english!
04-01-2005 11:01 AM
Hi,
Please note that MD5 hash algorithms are only one-way.You cann't know that easily the password just by knowing hash. It is possible to retrieve data with encryption techniques if you know the key means encryption techniques are two way in general.
For eg, your password is "abc" and your MD5 checksum is "1$122131Aaa". Only option left for us is guessing password, compute MD5 checksum over that and compare with the saved original hash which is impossible to detect with existing technology.
Please refer the following link for more information..
http://unixwiz.net/techtips/iguide-crypto-hashes.html
Thank you,
Regards...
-Ashok.
04-02-2005 05:54 AM
Thank u very much
I know the MD5 algorithm is one-way,but when the script kiddy forge the packets , they need not to know the really password but the hash number,for example:
there is a string "00 02 00 00 10 26 91 7b 1e" in a ospf hello packet , and the first 64 bit is the hash number , the rest 8 bit is the sequence number.If we want to cheat the OSPF routers , we only need to forge ospf packets with increasing the sequence number , because the hash number won't change.
So is there any difference between AuthType2 and AuthType1?
04-02-2005 06:49 AM
oh,im very very sorry...
i make a mistake...i understand,thank u very much
04-02-2005 07:25 AM
Just as a clarification, the MD5 hash sent as part of ospf packets is 16 bytes long and changes in every packet. Per RFC2328 section D.4.3 (6)(c), the hash is created from the following data.
"The MD5 authentication algorithm is run over the concatenation of the OSPF packet, secret key, pad
and length fields, producing a 16 byte message digest."
Hope this helps,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide