
List:       isn
Subject:    [ISN] Cisco inadvertently weakens password encryption in its IOS operating system
From:       InfoSec News <alerts () infosecnews ! org>
Date:       2013-03-21 5:12:09
Message-ID: alpine.DEB.2.02.1303210011560.18858 () infosecnews ! org

https://www.computerworld.com/s/article/9237752/Cisco_inadvertently_weakens_password_encryption_in_its_IOS_operating_system

By Lucian Constantin
IDG News Service
March 20, 2013

The password encryption algorithm used in some recent versions of the Cisco IOS 
operating system is weaker than the algorithm it was designed to replace, Cisco 
revealed earlier this week.

The new encryption algorithm is called Type 4 and was supposed to increase the 
resiliency of encrypted passwords against brute-force attacks. "The Type 4 
algorithm was designed to be a stronger alternative to the existing Type 5 and 
Type 7 algorithms," Cisco said Monday in a security response document published 
on its website.

However, due to an implementation error, the new algorithm generates password 
hashes -- cryptographic representations of passwords -- that are weaker than 
those generated by the Type 5 algorithm for equally complex passwords.

The issue was discovered by researchers Philipp Schmidt and Jens Steube of the 
Hashcat Project. Hashcat is a password recovery application.

[...]

