Cisco has issued a security advisory revealing that it mis-coded the implementation of a new password hashing algorithm. Its “Type 4” password implementation was supposed to salt passwords and then run them through 1,000 iterations of SHA-256 for storage, following the Password-Based Key Derivation Function (PBKDF) version 2 …
So we've all got weak passwords stored in newer Cisco kit and they expect us to "gradually migrate to the new password type"? Jeez, thanks Mr Security!
- Pic Suffering SPITZER! Boffins discover Milky Way's MISSING ARMS
- Tube be or not tube be: Apple’s CYLINDRICAL Mac Pro is out tomorrow
- Antique Code Show Sega’s Out Run: Even better than the wheel thing
- Android antivirus apps CAN'T kill nasties on sight like normal AV - and that's Google's fault
- No anon pr0n for you: BT's network-level 'smut' filters will catch proxy servers too