Advertising a default route over BGP

JEREMY L. GADDIS , owner of  the blog at, has written an excellent tutorial on how to advertise a default route over BGP.

The most important part of the tutorial to actually advertise the default route is the following:

R3(config)# router bgp 33
R3(config-router)# neighbor default-originate
R3(config-router)# neighbor default-originate

How strong is SSL encryption ?

Ever wondered how strong is the SSL encryption we use everyday in our web browser and email clients (e.g Outlook, ThunderBird)?

Q: How secure is the encryption used by SSL?
A:  It would take significantly longer than the age of the universe to crack a 128-bit key.

Understanding SSL

SSL uses public-key encryption to exchange a session key between the client and server; this session key is used to encrypt the http transaction (both request and response). Each transaction uses a different session key so that even if someone did manage to decrypt a transaction, that would not mean that they would have found the server's secret key; if they wanted to decrypt another transaction, they'd need to spend as much time and effort on the second transaction as they did on the first.  Of course, they would have first have to have figured out some method of intercepting the transaction data in the first place, which is in itself extremely difficult.  It would be significantly easier to tap your phone, or to intercept your mail to acquire your credit card number than to somehow intercept and decode Internet Data.

Servers and browsers do encryption ranging from a 40-bit secret key to a 128-bit secret key, that is to say '2 to the 40th power' or '2 to the 128th power'.  Many people have heard that 40-bit is insecure and that you need 128-bit to keep your credit card info safe.  They feel that using a 40-bit key is insecure because it's vulnerable to a "brute force" attack (basically trying each of the 2^40 possible keys until you find the one that decrypts the message). This was in fact demonstrated when a French researcher used a network of fast workstations to crack a 40-bit encrypted message in a little over a week.  Of course, even this 'vulnerability' is not really applicable to applications like an online credit card transaction, since the transaction is completed in a few moments.  If a network of fast computers takes a week to crack a 40-bit key, you'd be completed your transaction and long gone before the hacker even got started.

It would take significantly longer than the age of the universe to crack a 128-bit key

Using a 128-bit key eliminates any problem at all because there are 2^128 instead of 2^40 possible keys.  Using the same method (a networked of fast workstations) to crack a message encrypted with such a key would take significantly longer than the age of the universe using conventional technology.   Remember that 128-bit is not just 'three times' as powerful as 40-bit encryption.  2^128 is 'two times two, times two, times two...' with 128 two's.   That is two, doubled on itself 128 times.  2^40 is already a HUGE number, about a trillion (that's a million, million!).   Therefor 2^128 is that number (a trillion), doubled over and over on itself another 88 times.   Again, it would take significantly longer than the age of the universe to crack a 128-bit key.

The strength of the encryption looks very interesting in terms of figures.

Doing the math, you can see that using the same method that was used to break 40-bit encryption in a week, it would take about 72 million weeks (about 1.4 million years) to even break '56-bit medium' encryption and significantly longer than the age of the universe to crack a 128-bit key.  Of course the argument is that computers will keep getting faster, about doubling in power every 18 months.  That is true, but even when computers are a million times faster than they are now (about 20 years from now if they double in speed every year), it would then still take about 6 thousand, trillion years, which is about a million times longer than the Earth has been around.  Plus, simply upgrading to 129-bit encryption would take twice as long, and 130-bit would take twice as long again.  As you can see, it's far easier for the encryption to keep well ahead of the technology in this case.  

Simply put, 128-bit encryption is totally secure.

If you want to understand the technical details  behind SSL I recommend you read this nice and simple explanation given by digicert titled Everything You Want to Know about the Cryptography behind SSL Encryption


How to solve the Blue Screen of Death when Using GNS3 on Windows 7 or 8

When you are using GNS3 on Win 7/8 and if you stop the router, you get a blue screen saying your PC ran into some problem with the following error:


Your PC will restart after this error :(

After doing some research on the GNS3 forum and reading the users experience, I found 2 solutions to this problem:

1. Run GNS3 on a LINUX Distro e.g DEBIAN or UBUNTU (FYI: A Linux Distro is always more stable than Windows)

2.If you are not comfortable with LINUX then you can still use WINDOWS but make sure you run the following CISCO IOS Images according to a post (please see extract below) on the CISCO LEARNING NETWORK  by Navneet.Gaur :

“These are the stable working IOS images for GNS 3.
I have some of them as I own the routers.
Cisco 2691 Router | 2600 Series - Extremely stable
Cisco 3640 Router | 3600 Series
Cisco 3725 Router | 3700 Series - For MPLS
Cisco 7200 Router - Extremely stable
     c7200-advipservicesk9-mz.150-1.M.bin - For SLA”

I don’t promise that your PC will not crash but you can still try.
I tried the “c2691-adventerprisek9-mz.124-5a.bin” image…its really stable on Windows 8.
I can start and stop the router..No BSOD so far J

1 tip when using GNS3: After you have started your router on GNS3, right click on it and calculate a new idle-pc value. You will be presented with a list of values choose the one starting with an asterix (*)

Hope this helps you in preparing for your Cisco CCNP Exams..Good Luck !!!