The Type 4 algorithm was supposed to conform to the PBKDF2 (Password-Based Key Derivation Function version 2) standard in an implementation where 80 bits of random data are appended to the plaintext password - a process known as salting - and the resulting string is subjected to 1,000 iterations through the SHA-256 hashing function. Hashcat is a password recovery application. The issue was discovered by researchers Philipp Schmidt and Jens Steube of the Hashcat Project. However, due to an implementation error, the new algorithm generates password hashes - cryptographic representations of passwords - that are weaker than those generated by the Type 5 algorithm for equally complex passwords. "The Type 4 algorithm was designed to be a stronger alternative to the existing Type 5 and Type 7 algorithms," Cisco said Monday in a security response document published on its website. The new encryption algorithm is called Type 4 and was supposed to increase the resiliency of encrypted passwords against brute-force attacks. The password encryption algorithm used in some recent versions of the Cisco IOS operating system is weaker than the algorithm it was designed to replace, Cisco revealed earlier this week.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |