Cisco Moves to Weaker Hashing Scheme with No Salting
Typically when a company updates its security measures, it's to something stronger. Such is not the case with Cisco, which recently switched to a new hashing scheme that is actually weaker than the past version. Cisco intended the new scheme, a type 4 algorithm, to provide more protection, but it's been discovered it converts "passwords into one-way hashes us[ing] a single iteration of the SHA256 function with no cryptographic salt." It came as a shock to many security experts because this particular scheme requires almost no time at all to crack, even with budget systems. Compared to the type 5 algorithm that uses 1,000 iterations of the MD5 hash function, Cisco's new scheme is no match. The large amount of repetitions results in slower cracking, plus the MD5 function added some randomly generated cryptographic salt to each password to prevent high numbers of hashes from being targeted at once.
Cisco has acknowledged this revelation by saying an "implementation issue" caused the Password-Based Key Derivation Function version 2 and random 80-bit salt to not apply. No information was given on which products are using the new algorithm, but Cisco did warn that downgrading could cause some backward compatibility issues. That may be a small price to pay to keep information secure, and in the meantime, it's probably a good idea to weigh this news if you're about to upgrade your Cisco gear.
Source: Ars Technica