Cisco Switches to Weaker Hashing Scheme
“Cisco switches to weaker hashing scheme, passwords cracked wide open.”
In this day and age, for a company with the technical and financial resources of Cisco Systems to “dumb down” their password hashing methods is inexcusable and irresponsible. As noted elsewhere here, other large companies (like LinkedIn) have employed poor password management practices, and they and their users have paid for it.
It turns out that Cisco’s new method for converting passwords into one-way hashes uses a single iteration of the SHA256 function with no cryptographic salt.
Read about Cisco’s poor choice here on Ars Technica. I expect there’ll be a fix in an update, but sheesh.
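To make the difference concrete, here is an added example (not code from Cisco or from the Ars Technica article) that puts the single-pass, unsalted SHA-256 scheme described above beside a salted, iterated alternative. PBKDF2-HMAC-SHA256, the iteration count, the salt size and the sample accounts are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed parameters for the hardened form; neither comes from the article.
PBKDF2_ITERATIONS = 600_000
SALT_BYTES = 16


def weak_hash(password):
    """The scheme the article describes: one SHA-256 pass, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def strong_hash(password, salt=None, iterations=PBKDF2_ITERATIONS):
    """Salted, iterated alternative (PBKDF2-HMAC-SHA256); returns the stored record."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, iterations, digest


def verify_strong(password, record):
    """Recompute with the stored salt and iteration count, compare in constant time."""
    salt, iterations, expected = record
    candidate = strong_hash(password, salt, iterations)[2]
    return hmac.compare_digest(candidate, expected)


def duplicate_groups(stored):
    """Accounts whose stored hash is byte-identical, visible to anyone holding the dump."""
    by_hash = {}
    for user, value in stored.items():
        by_hash.setdefault(value, []).append(user)
    return [sorted(users) for users in by_hash.values() if len(users) > 1]


# Constructed sample accounts; alice and bob share a password.
SAMPLE = {"alice": "Winter2013!", "bob": "Winter2013!", "carol": "c0rrect-horse"}

if __name__ == "__main__":
    weak = {user: weak_hash(pw) for user, pw in SAMPLE.items()}
    strong = {user: strong_hash(pw)[2] for user, pw in SAMPLE.items()}
    print("unsalted store, shared hashes:", duplicate_groups(weak))
    print("salted store, shared hashes:  ", duplicate_groups(strong))
```

Without a salt, equal passwords collapse to one stored value and the same digest is valid on every device, so one precomputed table covers all of them; the per-password salt removes that, and the iteration count multiplies the cost of each guess.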