[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISN] Cisco inadvertently weakens password encryption in its IOS operating system



https://www.computerworld.com/s/article/9237752/Cisco_inadvertently_weakens_password_encryption_in_its_IOS_operating_system

By Lucian Constantin
IDG News Service
March 20, 2013

The password encryption algorithm used in some recent versions of the Cisco IOS operating system is weaker than the algorithm it was designed to replace, Cisco revealed earlier this week.

The new encryption algorithm is called Type 4 and was supposed to increase the resiliency of encrypted passwords against brute-force attacks. "The Type 4 algorithm was designed to be a stronger alternative to the existing Type 5 and Type 7 algorithms," Cisco said Monday in a security response document published on its website.

However, due to an implementation error, the new algorithm generates password hashes -- cryptographic representations of passwords -- that are weaker than those generated by the Type 5 algorithm for equally complex passwords.

The issue was discovered by researchers Philipp Schmidt and Jens Steube of the Hashcat Project. Hashcat is a password recovery application.

[...]


______________________________________________
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org