-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Cisco IOS and Cisco IOS XE Type 4 Passwords Issue Document ID: 33464 Revision 1.0 For Public Release 2013 March 18 16:00 UTC (GMT) +--------------------------------------------------------------------- Cisco Response Summary ====================== This is the Cisco response to research performed by Mr. Philipp Schmidt and Mr. Jens Steube from the Hashcat Project on the weakness of Type 4 passwords on Cisco IOS and Cisco IOS XE devices. Mr. Schmidt and Mr. Steube reported this issue to the Cisco PSIRT on March 12, 2013. A limited number of Cisco IOS and Cisco IOS XE releases based on the Cisco IOS 15 code base include support for a new algorithm to hash user-provided plaintext passwords. This algorithm is called Type 4, and a password hashed using this algorithm is referred to as a Type 4 password. The Type 4 algorithm was designed to be a stronger alternative to the existing Type 5 and Type 7 algorithms to increase the resiliency of passwords used for the 'enable secret password' and 'username username secret password' commands against brute-force attacks. For additional information please see the full Cisco Security Response at the link below. Cisco would like to thank Mr. Schmidt and Mr. Steube for sharing their research with Cisco and working toward a coordinated disclosure of this issue. This Cisco Security Response is available at: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4 -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.18 (Darwin) Comment: GPGTools - http://gpgtools.org iF4EAREIAAYFAlFHFKYACgkQUddfH3/BbTpPQAD/S/gS0O+btwWu5rI7rugYeRzD m38z8zGANgZ9IlEz/OoA/RZVrhrJJ1eRTlHo0/IHuYK3AYUtT5cA8PprIJoUX1Qg =R0TE -----END PGP SIGNATURE-----