[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISN] Cisco inadvertently weakens password encryption in its IOS operating system
By Lucian Constantin
IDG News Service
March 20, 2013
The password encryption algorithm used in some recent versions of the Cisco IOS
operating system is weaker than the algorithm it was designed to replace, Cisco
revealed earlier this week.
The new encryption algorithm is called Type 4 and was supposed to increase the
resiliency of encrypted passwords against brute-force attacks. "The Type 4
algorithm was designed to be a stronger alternative to the existing Type 5 and
Type 7 algorithms," Cisco said Monday in a security response document published
on its website.
However, due to an implementation error, the new algorithm generates password
hashes -- cryptographic representations of passwords -- that are weaker than
those generated by the Type 5 algorithm for equally complex passwords.
The issue was discovered by researchers Philipp Schmidt and Jens Steube of the
Hashcat Project. Hashcat is a password recovery application.
Attend #HITB2013AMS April 8th - 11th in Amsterdam.
Featuring over 42 international speakers and keynotes
by Bob Lord and Edward Schwartz http://conference.hitb.org