nanog mailing list archives

Re: Cisco password implementation trubs: weakened strength?

From: Nick Hilliard <nick () foobar org>
Date: Thu, 21 Mar 2013 10:57:02 +0000

On 21/03/2013 10:10, jamie rishaw wrote:

apparently, Cisco is changing its password schemas.

old: pbkdf2 by 1k, salted
vs
New: (type 4) unsalted sha256
..
discuss.?


security advisory:

http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4


which states:

Because of the issues discussed in this Security Response, Cisco is
taking the following actions for future Cisco IOS and Cisco IOS XE
releases:

Type 4 passwords will be deprecated: Future Cisco IOS and Cisco IOS XE
releases will not generate Type 4 passwords. However, to maintain
backward compatibility, existing Type 4 passwords will be parsed and
accepted. Customers will need to manually remove the existing Type 4
passwords from their configuration.


Kudos to Cisco - this was the right thing to do.

Nick

Current thread:

Cisco password implementation trubs: weakened strength? jamie rishaw (Mar 21)
- Re: Cisco password implementation trubs: weakened strength? Nick Hilliard (Mar 21)
- Re: Cisco password implementation trubs: weakened strength? Jimmy Hess (Mar 21)
  - Re: Cisco password implementation trubs: weakened strength? chip (Mar 21)