Cisco password implementation trubs: weakened strength?
Nick Hilliard
nick at foobar.org
Thu Mar 21 10:57:02 UTC 2013
On 21/03/2013 10:10, jamie rishaw wrote:
> apparently, Cisco is changing its password schemas.
>
> old: pbkdf2 by 1k, salted
> vs
> New: (type 4) unsalted sha256
> ..
> discuss.?
security advisory:
> http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
which states:
> Because of the issues discussed in this Security Response, Cisco is
> taking the following actions for future Cisco IOS and Cisco IOS XE
> releases:
>
> Type 4 passwords will be deprecated: Future Cisco IOS and Cisco IOS XE
> releases will not generate Type 4 passwords. However, to maintain
> backward compatibility, existing Type 4 passwords will be parsed and
> accepted. Customers will need to manually remove the existing Type 4
> passwords from their configuration.
Kudos to Cisco - this was the right thing to do.
Nick
More information about the NANOG
mailing list