MD5 to SHA256... but password cracking becomes easier

In an interesting revelation, it is reported that Cisco has recently started using a different method for storing users' passwords, shifting from MD5 to SHA256 in a way that makes the passwords more vulnerable to cracking.

We are aware that MD5 is reportedly compromised; in fact, the Indian CCA has dis-accredited the MD5 algorithm for digital signature purposes and shifted to SHA256/512.

According to security experts, the new password storage system converts passwords into a SHA256 hash using a single iteration and without any cryptographic salt (random data input).

The earlier method is reported to have used 1000 iterations of the MD5 hash with a cryptographic salt added to each password. This is said to make cracking slower and to require more tries.

Security specialists have also pointed out that, at present, relatively inexpensive systems outfitted with 2 AMD Radeon 6990 graphics cards and running the “Hashcat” password cracking program can make 2.8 billion cracking tries per second.
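The difference between the two storage schemes described above, as an added Python example that is not from the original post or from Cisco. The iterated function is a simplified stand-in for salted, 1000-iteration MD5 (an assumption, not the actual md5crypt algorithm), and the account names, passwords, salts and helper names are constructed for illustration.

```python
import hashlib

ITERATIONS = 1000  # iteration count the post gives for the earlier scheme

def sha256_single(password: str) -> str:
    """Newer scheme as the post describes it: one SHA256 pass, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()

def md5_iterated(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """Simplified stand-in for salted, iterated MD5 (assumption: not md5crypt)."""
    digest = hashlib.md5(salt + password.encode()).digest()
    for _ in range(iterations - 1):
        digest = hashlib.md5(salt + digest).digest()
    return digest.hex()

def shared_hashes(store: dict) -> dict:
    """Audit check: group accounts whose stored hash is identical."""
    groups = {}
    for user, stored in store.items():
        groups.setdefault(stored, []).append(user)
    return {h: users for h, users in groups.items() if len(users) > 1}

def hash_calls(accounts: int, candidates: int, salted: bool, iterations: int) -> int:
    """Hash invocations needed to test every candidate against every account."""
    # Without a salt, one computed hash is compared against all stored hashes.
    return candidates * iterations * (accounts if salted else 1)

# Constructed sample data: two accounts share a password.
USERS = {"admin": "cisco123", "backup": "cisco123", "noc": "Summer2013!"}
# Constructed per-user salts (a real system would draw these from a CSPRNG).
SALTS = {"admin": b"a1b2c3d4", "backup": b"e5f6a7b8", "noc": b"c9d0e1f2"}

UNSALTED = {u: sha256_single(p) for u, p in USERS.items()}
SALTED = {u: md5_iterated(p, SALTS[u]) for u, p in USERS.items()}

if __name__ == "__main__":
    print("accounts sharing a hash, unsalted SHA256:", list(shared_hashes(UNSALTED).values()))
    print("accounts sharing a hash, salted MD5 x1000:", list(shared_hashes(SALTED).values()))
    fast = hash_calls(len(USERS), 10_000, salted=False, iterations=1)
    slow = hash_calls(len(USERS), 10_000, salted=True, iterations=ITERATIONS)
    print(f"hash calls for 10,000 candidates: {fast} vs {slow} ({slow // fast}x)")
```

When auditing a credential store, any group reported by the shared-hash check means salting is absent or salts are being reused.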

Cisco is reported to have acknowledged the issue and stated that adoption of the low-security method was forced by certain implementation problems.

Hopefully Cisco is working on correcting the weakness.

Refer details here:

About Vijayashankar Na

Naavi is a veteran Cyber Law specialist in India and is presently working from Bangalore as an Information Assurance Consultant. Having pioneered concepts such as ITA 2008 compliance, Naavi is also the founder of Cyber Law College, a virtual Cyber Law education institution. He is now focusing on projects such as Secure Digital India and Cyber Insurance.