Options
CHAP or Hash question
Jackace
Member Posts: 335
in CCNA & CCENT
CHAP is used to authenticate routers over a PPP WAN link. They don't send the password in clear text but they send an MD5 hash of the password and the other router compares what it receives with the hash of it's own password. If both routers have the same password they will get the same MD5 hash result.
My question is how does this stop someone from packet sniffing and getting the MD5 hash result and then just sending the MD5 hash to one of the routers to authenticate and connect?
My question is how does this stop someone from packet sniffing and getting the MD5 hash result and then just sending the MD5 hash to one of the routers to authenticate and connect?
Comments
-
Optionswastedtime
Member Posts: 586 ■■■■□□□□□□
When a challenge is sent there is a challenge value sent with it that gets hashed with the password. The value is changed for each challenge. Because that value is changed the hashes are always different.
-
OptionsJackace
Member Posts: 335
wastedtime wrote: »When a challenge is sent there is a challenge value sent with it that gets hashed with the password. The value is changed for each challenge. Because that value is changed the hashes are always different.
Thank you that is the piece I was missing.