[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Cisco password implementation trubs: weakened strength?

According to the releases, they moved to a PBKDF2 solution, but due to
implementation error...it ran only once;  without salt.  Ars has a pretty
good write up on it.

So..  Good for them for updating to better encryption.  Bad on them for
horking up the code to actually implement it and making it much worse.
 Apply the upcoming patches, whipe hands on pants.



On Thu, Mar 21, 2013 at 7:22 AM, Jimmy Hess <mysidia at gmail.com> wrote:

> On 3/21/13, jamie rishaw <j at arpa.com> wrote:
> > New: (type 4) unsalted sha256
> Good for them; DES Crypt and MD5 crypt are dead... however, I hope
> they have misspoken then...  because   that move would make no
> sense... moving to simple unsalted SHA256  as the new hash type  would
> definitely increase the performance of  potential password cracking
> attempts against passwords stored at rest,  instead of addressing the
> massive increase in cheap computing power  (which will necessitate all
> software vendors who are concerned about stored password security,
> stop using older crypt algorithms  yesterday).
> In other words;  they would be moving to a weaker hashing algorithm if
> selecting unsalted SHA -- more hashes per second of SHA256  could be
> computed per second on equivalent GPU  than hashes per second of MD5
> Crypt.
> PBKDF2 at 10k rounds is stronger than MD5 crypt (more time required
> for a password cracker); Bcrypt stronger than PBKDF2  with appropriate
> work factor selected  (more time _and_  larger amounts of memory space
> required  thwarting GPUs); etc.
> Also, on what platform have they already used anything stronger than Unix
> crypt?
> As far as I knew, Cisco were always using;  'type 7' password blobs
> vigenere based symmetric encryption with a factory-defined key,  type
> 6 symmetric encrypted storage (with des/aes key obscured from view),
> or type 5  basic unix crypt or Poul-Henning Kamp's MD5 crypt algorithm
>  used in FreeBSD.
> > I'm. not one myself..nor am I a crypto mathnerd
> > apparently, Cisco is changing its password schemas.
> > old: pbkdf2 by 1k, salted
> > vs
> > New: (type 4) unsalted sha256
> > ..
> > discuss.?
> >
> > there is a cert and Cisco sa on this.. but I'm wondering if anyone has
> any
> > opinions, yea or nay.?
> --
> -JH

Just my $.02, your mileage may vary,  batteries not included, etc....