HP 7102dl - ProCurve Secure Router Configuration Manual page 789

IP Routing—Configuring RIP, OSPF, BGP, and PBR
Configuring OSPF
With OSPF simple password authentication, routers simply add a password
to the 64-bit authentication field in the OSPF header.
With MD5 authentication, a router uses a secret key and the MD5 algorithm
to generate a message digest for a packet. Routers that receive the packet
dehash the message digest using the same key. If the dehashed message digest
matches the packet, the packet is authentic.
Authentication with MD5 is more secure than simple password authentica-
tion. Attackers can intercept a valid OSPF packet and read the simple pass-
word. However, message digests are unique to each packet and impossible to
generate without the secret key.
Simple password authentication is most useful for ensuring routers do not
send messages into networks in the wrong area. Simply configure a different
simple password for each network. MD5 authentication, on the other hand,
also protects against hackers.
You first enable authentication from the logical interface configuration mode
context:
Syntax: ip ospf authentication [message-digest | null]
If you simply enter ip ospf authentication without any keywords, you enable
simple password authentication. The message-digest option enables MD5
encrypted authentication. The default setting is null, which turns off authen-
tication.
After enabling authentication, set the interface's password or key.
To configure a simple password for an interface, move to the interface
configuration mode context and enter the following command:
Syntax: ip ospf authentication-key <password>
For example, enter the following command to configure secret as the pass-
word:
ProCurve(config-fr 1.101)# ip ospf authentication-key secret
To configure a message digest key, enter:
Syntax: ip ospf message-digest <key ID> md5 <key>
The key ID can be 1 or 2.
15-63