Cisco password implementation trubs: weakened strength?

warning: I'm tired and this email is terse.
warning: for huge nerds only.
disclaimer: although I've worked with actual rocket scientists (hi Roger),
I'm not one myself.. nor am I a crypto mathnerd

apparently, Cisco is changing its password schemas.

old: pbkdf2 by 1k, salted
vs
New: (type 4) unsalted sha256
..
discuss.?

there is a cert and Cisco sa on this.. but I'm wondering if anyone has any
opinions, yea or nay.?

-j.

> apparently, Cisco is changing its password schemas.
>
> old: pbkdf2 by 1k, salted
> vs
> New: (type 4) unsalted sha256
> ..
> discuss.?

security advisory:

Cisco IOS and Cisco IOS XE Type 4 Passwords Issue

which states:

Because of the issues discussed in this Security Response, Cisco is
taking the following actions for future Cisco IOS and Cisco IOS XE
releases:

Type 4 passwords will be deprecated: Future Cisco IOS and Cisco IOS XE
releases will not generate Type 4 passwords. However, to maintain
backward compatibility, existing Type 4 passwords will be parsed and
accepted. Customers will need to manually remove the existing Type 4
passwords from their configuration.

Kudos to Cisco - this was the right thing to do.

Nick

> New: (type 4) unsalted sha256

Good for them; DES Crypt and MD5 crypt are dead... however, I hope
they have misspoken then... because that move would make no
sense... moving to simple unsalted SHA256 as the new hash type would
definitely increase the performance of potential password cracking
attempts against passwords stored at rest, instead of addressing the
massive increase in cheap computing power (which will necessitate all
software vendors who are concerned about stored password security,
stop using older crypt algorithms yesterday).

In other words; they would be moving to a weaker hashing algorithm if
selecting unsalted SHA -- more hashes per second of SHA256 could be
computed per second on equivalent GPU than hashes per second of MD5
Crypt.

PBKDF2 at 10k rounds is stronger than MD5 crypt (more time required
for a password cracker); Bcrypt stronger than PBKDF2 with appropriate
work factor selected (more time _and_ larger amounts of memory space
required thwarting GPUs); etc.

Also, on what platform have they already used anything stronger than Unix crypt?

As far as I knew, Cisco were always using; 'type 7' password blobs
Vigenere-based symmetric encryption with a factory-defined key, type
6 symmetric encrypted storage (with des/aes key obscured from view),
or type 5 basic unix crypt or Poul-Henning Kamp's MD5 crypt algorithm
used in FreeBSD.

According to the releases, they moved to a PBKDF2 solution, but due to
implementation error...it ran only once; without salt. Ars has a pretty
good write up on it.

So.. Good for them for updating to better encryption. Bad on them for
horking up the code to actually implement it and making it much worse.
Apply the upcoming patches, wipe hands on pants.

http://arstechnica.com/security/2013/03/cisco-switches-to-weaker-hashing-scheme-passwords-cracked-wide-open/

--chip
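
An added example (not from the thread or from Cisco) for the manual cleanup the quoted advisory asks for: it scans an IOS configuration for typed credential lines and lists the Type 4 entries that need to be replaced. The sample configuration and its placeholder values are constructed, and the line shapes `enable secret <type> <value>` and `username <name> ... secret|password <type> <value>` are assumptions about the config being audited.

```python
import re

# Storage types named in the thread, described the way the thread describes them.
TYPE_NOTES = {
    "4": "unsalted SHA-256; deprecated per the advisory, remove manually",
    "5": "unix crypt / MD5 crypt",
    "6": "symmetric encrypted storage",
    "7": "Vigenere-based encryption with a factory-defined key",
}

# Assumed line shapes: "enable secret 4 <value>" and
# "username <name> [options] secret|password <type> <value>".
CRED_RE = re.compile(
    r"^\s*(?:enable|username\s+(?P<user>\S+)(?:\s+\S+)*?)\s+"
    r"(?P<kw>secret|password)\s+(?P<type>\d)\s+(?P<value>\S+)\s*$"
)

def find_credentials(config_text):
    """Return (line_no, owner, type, note) for every typed credential line."""
    findings = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = CRED_RE.match(line)
        if m:
            owner = m["user"] or "enable"
            note = TYPE_NOTES.get(m["type"], "not discussed in the thread")
            findings.append((line_no, owner, m["type"], note))
    return findings

def type4_lines(config_text):
    """Return (line_no, owner) for the Type 4 entries that must be replaced."""
    return [(n, owner) for n, owner, t, _ in find_credentials(config_text) if t == "4"]

# Constructed sample config; every credential value is a placeholder, not a real hash.
SAMPLE_CONFIG = """\
hostname lab-sw1
enable secret 4 PLACEHOLDERtype4valueAAAAAAAAAAAAAAAAAAAAAA
username admin privilege 15 secret 4 PLACEHOLDERtype4valueBBBBBBBBBBBBBBBBBBBBBB
username ops secret 5 $1$salt$PLACEHOLDERmd5crypt
username legacy password 7 PLACEHOLDER7
!
"""

if __name__ == "__main__":
    for line_no, owner, ctype, note in find_credentials(SAMPLE_CONFIG):
        flag = "REPLACE" if ctype == "4" else "review"
        print(f"line {line_no}: {owner}: type {ctype} ({note}) [{flag}]")
```

Because existing Type 4 values keep being parsed and accepted after an upgrade, a check like this has to be rerun against the saved configuration, not just the release notes.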