Message-ID: <20130312151333.GB29751@griffin.linux.hr>
Date: Tue, 12 Mar 2013 16:13:33 +0100
From: Vlatko Kosturjak <kost@...ux.hr>
To: john-dev@...ts.openwall.com
Subject: Re: Cisco - Password type 4 - SHA256

On Fri, Mar 08, 2013 at 08:19:18AM +0100, Jan Starke wrote:
> Hi Vlatko,
>
> Do you have the possibility of setting an own type-4 password? If so,
> you could also calculate the SHA256 hash of the password you used and
> compare this with Cisco's value. If both are equal, you can assume
> that Cisco uses a simple SHA256.
>
> Would you be happy to share your results here?

Hello Jan and thanks for your interest.

I have tried that already and it is not the same (raw sha256). I have
also tried 100 iterations of raw sha256, base64 iterations (padded and
not padded) and hex iterations without luck. Therefore, they are not
using something standard. Still, they state they are using sha256 and
if that's true - it's just a question of how. I see somebody on the
hashcat forum tried even 1000 iterations without luck.

But from my investigation, it seems that Cisco screwed it up, because
it looks like they are not salting the password at all because:
- hash is same for different users and same password
- hash is same on different devices and different users and same password

Therefore, it is vulnerable to time-memory tradeoff like:
- rainbow tables
- online cracking

That's interesting because they plan to move from type 5 to type 4 in
future :)

-- 
Vlatko Kosturjak - KoSt
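
An added example, not part of the original message: a configuration audit built on the observation above that a type 4 hash is the same for the same password across users and devices. It assumes the IOS line forms `enable secret 4 <hash>` and `username <name> ... secret 4 <hash>`; the device names, accounts and hash strings below are constructed placeholders, not real hashes.

```python
import re
from collections import defaultdict

# Matches "enable secret 4 <hash>" and "username <name> [options] secret 4 <hash>".
SECRET4 = re.compile(
    r"^\s*(?:enable|username\s+(?P<user>\S+)(?:\s+\S+)*?)"
    r"\s+secret\s+4\s+(?P<hash>\S+)\s*$"
)

def find_type4(configs):
    """configs: {device: config text}. Returns {hash: [(device, account), ...]}."""
    seen = defaultdict(list)
    for device, text in configs.items():
        for line in text.splitlines():
            m = SECRET4.match(line)
            if m:
                # An "enable secret" line has no user name; label it "enable".
                seen[m.group("hash")].append((device, m.group("user") or "enable"))
    return dict(seen)

def shared_hashes(seen):
    """Hashes on more than one account or device: with no salt, these
    accounts have the same password, and one recovery exposes all of them."""
    return {h: who for h, who in seen.items() if len(who) > 1}

# Constructed sample configurations (placeholder hash strings).
SAMPLE_CONFIGS = {
    "rtr-a": """
hostname rtr-a
enable secret 4 CONSTRUCTED0HASH0AAAAAAAAAAAAAAAAAAAAAAAAAA
username alice privilege 15 secret 4 CONSTRUCTED0HASH0BBBBBBBBBBBBBBBBBBBBBBBBBB
username bob secret 5 $1$CONSTRUCTED$placeholder
""",
    "sw-b": """
hostname sw-b
username carol secret 4 CONSTRUCTED0HASH0BBBBBBBBBBBBBBBBBBBBBBBBBB
""",
}

if __name__ == "__main__":
    seen = find_type4(SAMPLE_CONFIGS)
    for h, who in seen.items():
        print("type 4 secret:", h, "->", who)
    for h, who in shared_hashes(seen).items():
        print("SHARED across accounts/devices:", h, "->", who)
```

Every account the first loop lists is a candidate for re-keying with a salted type; the second loop shows which of them would fall together.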