Cisco has issued a security advisory revealing that it mis-coded the implementation of a new password hashing algorithm. Its “Type 4” password implementation was supposed to salt passwords and then run them through 1,000 iterations of SHA-256 for storage, following the Password-Based Key Derivation Function (PBKDF) version 2 …
So we've all got weak passwords stored in newer Cisco kit and they expect us to "gradually migrate to the new password type"? Jeez, thanks Mr Security!
- Boffins attempt to prove the UNIVERSE IS JUST A HOLOGRAM
- China building SUPERSONIC SUBMARINE that travels in a BUBBLE
- Review Raspberry Pi B+: PHWOAR, get a load of those pins
- That 8TB Seagate MONSTER? It's HERE... (You'll have to squint, 'cos there are no specs)
- Review Reg man looks through a Glass, darkly: Google's toy ploy or killer tech specs?