On 3/21/13, jamie rishaw <j@arpa.com> wrote:
New: (type 4) unsalted sha256
Good for them; DES Crypt and MD5 crypt are dead... however, I hope they have misspoken then... because that move would make no sense... moving to simple unsalted SHA256 as the new hash type would definitely increase the performance of potential password cracking attempts against passwords stored at rest, instead of addressing the massive increase in cheap computing power (which will necessitate that all software vendors who are concerned about stored password security stop using older crypt algorithms yesterday).

In other words: they would be moving to a weaker hashing algorithm if selecting unsalted SHA -- more hashes per second of SHA256 could be computed per second on equivalent GPU than hashes per second of MD5 Crypt.

PBKDF2 at 10k rounds is stronger than MD5 crypt (more time required for a password cracker); Bcrypt stronger than PBKDF2 with appropriate work factor selected (more time _and_ larger amounts of memory space required, thwarting GPUs); etc.

Also, on what platform have they already used anything stronger than Unix crypt? As far as I knew, Cisco were always using: 'type 7' password blobs (Vigenere-based symmetric encryption with a factory-defined key), type 6 symmetric encrypted storage (with DES/AES key obscured from view), or type 5 (basic Unix crypt or Poul-Henning Kamp's MD5 crypt algorithm used in FreeBSD).
I'm not one myself.. nor am I a crypto mathnerd apparently, Cisco is changing its password schemas. old: pbkdf2 by 1k, salted vs New: (type 4) unsalted sha256 .. discuss?
There is a CERT and Cisco SA on this.. but I'm wondering if anyone has any opinions, yea or nay?
-- -JH
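
Added example, not part of the original message and not Cisco's actual storage format: a Python comparison of the two schemes named in the thread, a single unsalted SHA-256 versus salted PBKDF2 at 10k rounds, showing what the salt and the round count each change for stored passwords. The account names, the sample password and all function names are constructed for illustration.

```python
import hashlib
import hmac
import os
import time

# Constructed sample data: two accounts that happen to share a password.
USERS = {"alice": "Spring2013!", "bob": "Spring2013!"}

def unsalted_sha256(password):
    """One unsalted SHA-256 pass: equal passwords always give equal digests."""
    return hashlib.sha256(password.encode()).hexdigest()

def pbkdf2_record(password, rounds=10_000, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, rounds, derived key)."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return salt, rounds, key

def pbkdf2_verify(password, record):
    """Recompute with the stored salt and rounds, compare in constant time."""
    salt, rounds, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return hmac.compare_digest(candidate, key)

def seconds_per_hash(fn, repeat):
    """Average wall-clock cost of computing one stored value with fn."""
    start = time.perf_counter()
    for _ in range(repeat):
        fn("Spring2013!")
    return (time.perf_counter() - start) / repeat

def compare():
    unsalted = {user: unsalted_sha256(pw) for user, pw in USERS.items()}
    salted = {user: pbkdf2_record(pw) for user, pw in USERS.items()}
    fast = seconds_per_hash(unsalted_sha256, 2000)
    slow = seconds_per_hash(pbkdf2_record, 20)
    return {
        # Without a salt, shared passwords are visible in the stored data
        # and one precomputed table applies to every account.
        "unsalted_collide": unsalted["alice"] == unsalted["bob"],
        "salted_collide": salted["alice"][2] == salted["bob"][2],
        # Work per password guess, relative to one SHA-256 pass.
        "cost_ratio": slow / fast,
    }

if __name__ == "__main__":
    result = compare()
    print("unsalted digests identical:", result["unsalted_collide"])
    print("salted keys identical:     ", result["salted_collide"])
    print("PBKDF2 cost vs one SHA-256: %.0fx" % result["cost_ratio"])
```

The absolute ratio depends on the machine and on interpreter overhead; the point is the direction, since each guess against the PBKDF2 record costs the full round count while the unsalted digest costs one pass.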