[161625] in North American Network Operators' Group

Re: Cisco password implementation trubs: weakened strength?

daemon@ATHENA.MIT.EDU (Nick Hilliard)
Thu Mar 21 06:57:15 2013

X-Envelope-To: <nanog@nanog.org>
Date: Thu, 21 Mar 2013 10:57:02 +0000
From: Nick Hilliard <nick@foobar.org>
To: nanog@nanog.org
In-Reply-To: <CABL6YZQFf9_e9va0J15kdz1np-Jv-jeZ1Vi9LPnNewGKwMzDNg@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

On 21/03/2013 10:10, jamie rishaw wrote:
> apparently, Cisco is changing its password schemas.
> 
> old: pbkdf2 by 1k, salted
> vs
> New: (type 4) unsalted sha256
> ..
> discuss.?

security advisory:

> http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4

which states:

> Because of the issues discussed in this Security Response, Cisco is
> taking the following actions for future Cisco IOS and Cisco IOS XE
> releases:
> 
> Type 4 passwords will be deprecated: Future Cisco IOS and Cisco IOS XE
> releases will not generate Type 4 passwords. However, to maintain
> backward compatibility, existing Type 4 passwords will be parsed and
> accepted. Customers will need to manually remove the existing Type 4
> passwords from their configuration.

Kudos to Cisco - this was the right thing to do.

Nick
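
The advisory quoted above leaves removal of existing Type 4 passwords to the operator. As an added example (not part of the original message or of Cisco's advisory), this Python audit flags `enable secret 4` and `username ... secret 4` lines in a saved configuration; the sample configuration, account names and hash strings are constructed placeholders.

```python
import re

# Matches "enable secret" and "username <name> ... secret" lines as they
# appear in a saved configuration, capturing the numeric encoding type
# that precedes the stored hash.
SECRET_RE = re.compile(
    r"^\s*(?:enable\s+secret(?:\s+level\s+\d+)?"
    r"|username\s+(?P<user>\S+)\b.*?\bsecret)"
    r"\s+(?P<type>\d+)\s+(?P<hash>\S+)\s*$"
)

# Constructed sample input: the hash fields are placeholders, not real hashes.
SAMPLE_CONFIG = """\
hostname lab-rtr1
enable secret 4 CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH
username admin privilege 15 secret 5 $1$CONS$TRUCTEDplaceholder
username oper secret 4 CONSTRUCTED.PLACEHOLDER.NOT.A.REAL.HASH
line vty 0 4
 password 7 0000CONSTRUCTED
"""


def find_type4(config_text):
    """Return (line_number, account, line) for every Type 4 secret."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        m = SECRET_RE.match(line)
        if m and m.group("type") == "4":
            # "enable" marks the enable secret; otherwise the local username.
            account = m.group("user") or "enable"
            findings.append((lineno, account, line.strip()))
    return findings


def summarize(config_text):
    """Return the accounts whose secret must be re-entered in another type."""
    return [account for _, account, _ in find_type4(config_text)]


if __name__ == "__main__":
    for lineno, account, line in find_type4(SAMPLE_CONFIG):
        print(f"line {lineno}: Type 4 secret for {account}: {line}")
```

Each flagged account still authenticates, since existing Type 4 entries are parsed and accepted, so the list is the set of secrets to replace by hand.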
