Message-Id: <E05CA7D2-2E92-4A4C-9C57-C4AB2C635FE8@thorsheim.net>
Date: Thu, 21 Mar 2013 17:09:47 +0100
From: Per Thorsheim <per@...rsheim.net>
To: "discussions@...sword-hashing.net" <discussions@...sword-hashing.net>
Subject: Re: [PHC] Password Hashing done wrong on CISCO IOS

Discovered & responsibly reported to Cisco by Jens Steube (+friend).
Jens happens to be atom@...hcat.net, who should be a well-known person to this list I guess. ;-)

Best regards,
Per Thorsheim
CISA, CISM, CISSP-ISSAP
http://securitynirvana.blogspot.com/
+47 90999259

On 21 March 2013 at 17:06, Yann Droneaud <ydroneaud@...eya.com> wrote:

> Hi,
>
> Reported by H-Online
>
> "Weakened password hashing found in Cisco devices"
>
> http://www.h-online.com/security/news/item/Weakened-password-hashing-found-in-Cisco-devices-1827197.html
>
> "The algorithm was incorrectly implemented in version 15 of Cisco's IOS operating system, so that instead of using an 80-bit "salt" value, it used none, and instead of an intended 1000 iterations through SHA256, it used only one."
>
> What can be worse? :/
>
> Regards.
>
> --
> Yann Droneaud
> OPTEYA
>
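Added example, not part of either message and not Cisco's code: a comparison of the two constructions the quoted article describes, showing what the missing salt and the single iteration each cost the defender. PBKDF2-HMAC-SHA256 stands in for the intended design as an assumption (the article only states an 80-bit salt and 1000 SHA256 iterations); all function names and the sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os

SALT_BYTES = 10    # 80-bit salt, the size the quoted article says was intended
ITERATIONS = 1000  # iteration count the quoted article says was intended


def hash_as_shipped(password: str) -> bytes:
    """No salt, one SHA-256 pass: what the article says IOS 15 actually did."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def hash_as_intended(password: str, salt: bytes = None) -> tuple:
    """Salted and iterated. Using PBKDF2 here is an assumption of this example."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify_intended(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_as_intended(password, salt)[1], expected)


def distinct_records(records) -> int:
    """Distinct stored values; fewer than len(records) reveals shared passwords."""
    return len(set(records))


def guess_cost(accounts: int, candidates: int, salted: bool, iterations: int) -> int:
    """Hash iterations needed to test every candidate against every account.
    Without a salt, one pass over the candidates covers all accounts at once."""
    return candidates * iterations * (accounts if salted else 1)


# Constructed sample data: three accounts, two of them sharing a password.
SAMPLE_PASSWORDS = ["Winter2013", "Winter2013", "c0rrect-horse"]

if __name__ == "__main__":
    shipped = [hash_as_shipped(p) for p in SAMPLE_PASSWORDS]
    intended = [hash_as_intended(p) for p in SAMPLE_PASSWORDS]
    print("distinct records, as shipped: ", distinct_records(shipped))
    print("distinct records, as intended:", distinct_records(intended))
    ratio = guess_cost(3, 10**6, True, ITERATIONS) // guess_cost(3, 10**6, False, 1)
    print("guessing work, intended vs shipped:", ratio, "x")
```

The cost ratio grows with the number of accounts, because only the salted form forces the guessing work to be repeated per stored hash.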