Information Security News mailing list archives
Cisco inadvertently weakens password encryption in its IOS operating system
From: InfoSec News <alerts () infosecnews org>
Date: Thu, 21 Mar 2013 00:12:09 -0500 (CDT)
https://www.computerworld.com/s/article/9237752/Cisco_inadvertently_weakens_password_encryption_in_its_IOS_operating_system By Lucian Constantin IDG News Service March 20, 2013The password encryption algorithm used in some recent versions of the Cisco IOS operating system is weaker than the algorithm it was designed to replace, Cisco revealed earlier this week.
The new encryption algorithm is called Type 4 and was supposed to increase the resiliency of encrypted passwords against brute-force attacks. "The Type 4 algorithm was designed to be a stronger alternative to the existing Type 5 and Type 7 algorithms," Cisco said Monday in a security response document published on its website.
However, due to an implementation error, the new algorithm generates password hashes -- cryptographic representations of passwords -- that are weaker than those generated by the Type 5 algorithm for equally complex passwords.
The issue was discovered by researchers Philipp Schmidt and Jens Steube of the Hashcat Project. Hashcat is a password recovery application.
[...] ______________________________________________ Attend #HITB2013AMS April 8th - 11th in Amsterdam. Featuring over 42 international speakers and keynotes by Bob Lord and Edward Schwartz http://conference.hitb.org
Current thread:
- Cisco inadvertently weakens password encryption in its IOS operating system InfoSec News (Mar 20)