CCNA Security Exam Tutorial - When It's Good to Add Salt


When you first started studying for your CCNA Certification Exam, one of the very first things you learned was the major difference between the enable password and the enable secret: the enable secret is encrypted by default, whereas the enable password is just plain text, waiting to be read!

When you look at the enable secret in a Cisco router configuration, it seems like it would be impossible to guess. After setting the enable secret on this router to the word security, this is how it appears in the configuration:

enable secret 5 $1$24me$gVFxUOI4gYp0IQbhtH8Rz0

This password was encrypted with MD5, the Message Digest 5 algorithm. The result of applying the MD5 algorithm to the password is a 32-character hexadecimal value.

This password is difficult to guess, but not terribly difficult to crack. Anyone looking over your shoulder won't be able to read this password, but readily available password-cracking software can crack this encryption in minutes. This is true for any MD5-encrypted password, not just those for Cisco routers.

So what can we do about it? We can add salt to our MD5.

The salt itself is simply a string of random characters that is added to the encryption process. Salting makes it much more difficult for a hacker to find the password; every bit added by the salt makes the password literally twice as difficult to compromise. A recent Wikipedia entry indicates that if a password were one of 200,000 words, a 32-bit salt would require 800 trillion hashes for a full-blown brute-force attack.
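
As an added illustration of the paragraph above (not code from the original tutorial), the Python below hashes the article's example password with and without a random 32-bit salt and computes the table size behind the 800 trillion figure. The single salted MD5 call and all function names are assumptions made for this example; it is not Cisco's type 5 algorithm.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

SALT_BITS = 32              # salt size used in the article's figure
DICTIONARY_WORDS = 200_000  # dictionary size used in the article's figure


def unsalted_md5(password: str) -> str:
    """Plain MD5: the same password always yields the same 32 hex characters."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def salted_md5(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, str]:
    """Hash salt + password; a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BITS // 8)
    return salt, hashlib.md5(salt + password.encode("utf-8")).hexdigest()


def verify(password: str, salt: bytes, stored_digest: str) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    _, candidate = salted_md5(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def precomputed_entries(words: int, salt_bits: int) -> int:
    """Hashes needed to precompute every dictionary word under every salt."""
    return words * 2 ** salt_bits


if __name__ == "__main__":
    # Constructed sample: two accounts that both chose the password "security".
    print("unsalted:", unsalted_md5("security"), unsalted_md5("security"))
    for user in ("admin", "operator"):
        salt, digest = salted_md5("security")
        print(f"salted {user}: salt={salt.hex()} digest={digest}",
              "verifies:", verify("security", salt, digest))
    # 200,000 * 2**32 = 858,993,459,200,000, the article's "800 trillion".
    print("table size:", precomputed_entries(DICTIONARY_WORDS, SALT_BITS))
```

Without a salt both accounts store the same digest, so one lookup table covers every user; with a salt each stored value differs even though the password is identical.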

The actual creation and application of a salt is beyond the scope of the CCNA Security Exam, but once you've earned this valuable certification - or maybe while you're preparing for it - do a Google search on "salt md5" and read up on this powerful security tool. In the meantime, look for more CCNA Security tutorials on this site as well as on my website!