A small error in Darril's Book?
I am having a difficult time in trying to remember all of the details in Chapter 9. I think I stumbled upon a small error on page 432. Maybe this has been pointed out before. The example shows the message has changed, the price, but the hash hasn't. On the following page it does show two different hashes.
Comments
-
Devilsbane Member Posts: 4,214
I saw this too and brought it to Darril's attention. He intentionally did that, but I can see where people would see it as an error. There needs to be a 3rd step in the process to show what is going on.
Decide what to be and go be it.
-
Devilsbane Member Posts: 4,214
My message to Darril:
Hi Darril,
I'm currently reading your book, and I think I found a couple mistakes.
On page 432, there is a picture on the bottom. The hash of "The price is $75." is D9B93. Then on the other side, it says the hash of "The price is .75." is also D9B93. Shouldn't the second D9B93 be 56429?
Then again at the top of 434 there looks to be the same mistakes. Shouldn't the second hash in this picture be whatever the encrypted hash of "The price is .75." is?
So I'm not sure if this is a simple mistake, or if you were trying to show that even though the message changed, the hash sent didn't change. But I think that approach could confuse some people. You could always consider having a 3rd box. So on top is the message, next is the hash that was sent with the message, and then the 3rd box is the hash that the receiving computer calculated.
Let me know what you think.
Darril's reply:
Hi,
That is actually accurate. The point is that the sent message changed but the sent hash didn't change. However, since the hash is recalculated at the destination, it can be compared to the sent hash to show that the message lost integrity.
The pictures (on both pages 432 and 434) are attempting to show what is sent, not what is calculated.
Cryptography can be a complex topic, even for very experienced IT people since the details aren't touched or used very often, if at all.
You might like to check out this YouTube video:
YouTube - Security+ Hashing
HTH and good luck with your studies.
Decide what to be and go be it.
-
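The three-box view discussed above (message, hash sent with it, hash recalculated at the destination), as an added example that is not part of the thread or the book. It uses SHA-256, so its digests will not match the book's abbreviated D9B93 and 56429. The last two cases go beyond the thread: they assume HMAC with a constructed demo key as one kind of protected hash, which is not necessarily what page 434 depicts.

```python
import hashlib
import hmac

ORIGINAL = "The price is $75."   # message as sent (wording from the thread)
ALTERED = "The price is .75."    # message as received after modification
DEMO_KEY = b"constructed-demo-key"  # constructed shared secret, illustration only


def sha256_hex(message: str) -> str:
    """Plain (unkeyed) hash of the message."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def hmac_hex(key: bytes, message: str) -> str:
    """Keyed hash: cannot be recomputed without the shared key."""
    return hmac.new(key, message.encode("utf-8"), hashlib.sha256).hexdigest()


def three_boxes(received_message: str, sent_hash: str, hash_fn=sha256_hex) -> dict:
    """Box 1: message received. Box 2: hash sent. Box 3: hash recalculated."""
    calculated = hash_fn(received_message)
    return {
        "message": received_message,
        "sent_hash": sent_hash,
        "calculated_hash": calculated,
        "integrity_ok": hmac.compare_digest(sent_hash, calculated),
    }


def run_cases() -> dict:
    sent_hash = sha256_hex(ORIGINAL)
    keyed = lambda m: hmac_hex(DEMO_KEY, m)
    return {
        # Nothing changed in transit.
        "unmodified": three_boxes(ORIGINAL, sent_hash),
        # The picture on page 432: message changed, sent hash did not.
        "message_changed": three_boxes(ALTERED, sent_hash),
        # Limit of a plain hash: if the sent hash is replaced too, the check passes.
        "message_and_hash_changed": three_boxes(ALTERED, sha256_hex(ALTERED)),
        # Keyed hash: a tag made without DEMO_KEY does not verify.
        "keyed_tag_replaced": three_boxes(ALTERED, hmac_hex(b"wrong-key", ALTERED), keyed),
    }


if __name__ == "__main__":
    for name, boxes in run_cases().items():
        print(name, boxes["sent_hash"][:8], boxes["calculated_hash"][:8], boxes["integrity_ok"])
```

In the `message_changed` case the second box is identical to the one in `unmodified`; only the third box, computed by the receiver, reveals the change.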
earweed Member Posts: 5,192
I tried finding Darril's errata page but couldn't locate it to see if this was mentioned.
No longer work in IT. Play around with stuff sometimes still and fix stuff for friends and relatives.
-
ajmatson Member Posts: 289
I tried finding Darril's errata page but couldn't locate it to see if this was mentioned.
Ask and ye shall receive
CompTIA Security+ Get Certified Get Ahead Errata
Working on currently:
Masters Degree Information Security and Assurance (WGU) / Estimated 06/01/2016
Next Up: CCNP Routing Exam | Certified Ethical Hacker Exam
Cisco Lab: ASA 5506-X, GNS3, 1x 2801 Router, 1x 2650XM, 1x 3750-48TS-E switch, 2x 3550 EMI Switches and 1x 2950T switch.
Juniper Lab: 1x SRX100H2, 1x J2320 (1GB Flash/1GB RAM, JunOS 11.4R7.5), and 4 JunOS Firefly vSRX Routers in VMWare ESXi 5.1
-
Devilsbane Member Posts: 4,214
It still isn't in there because it isn't an error. It is written as intended, just slightly misleading.
But always a good link to have.
Decide what to be and go be it.