Cisco has issued a security advisory revealing that it mis-coded the implementation of a new password hashing algorithm. Its “Type 4” password implementation was supposed to salt passwords and then run them through 1,000 iterations of SHA-256 for storage, following the Password-Based Key Derivation Function (PBKDF) version 2 …
So we've all got weak passwords stored in newer Cisco kit and they expect us to "gradually migrate to the new password type"? Jeez, thanks Mr Security!
- Product round-up Ten excellent FREE PC apps to brighten your Windows
- Review Tough Banana Pi: a Raspberry Pi for colour-blind diehards
- Product round-up Ten Mac freeware apps for your new Apple baby
- Analysis Pity the poor Windows developer: The tools for desktop development are in disarray
- Product round-up The Glorious Resolution: Feast your eyes on 5 HiDPI laptops