[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco password implementation trubs: weakened strength?

On 21/03/2013 10:10, jamie rishaw wrote:
> apparently, Cisco is changing its password schemas.
> old: pbkdf2 by 1k, salted
> vs
> New: (type 4) unsalted sha256
> ..
> discuss.?

security advisory:

> http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4

which states:

> Because of the issues discussed in this Security Response, Cisco is
> taking the following actions for future Cisco IOS and Cisco IOS XE
> releases:
> Type 4 passwords will be deprecated: Future Cisco IOS and Cisco IOS XE
> releases will not generate Type 4 passwords. However, to maintain
> backward compatibility, existing Type 4 passwords will be parsed and
> accepted. Customers will need to manually remove the existing Type 4
> passwords from their configuration.

Kudos to Cisco - this was the right thing to do.