NSA has Issues With Cisco Passwords
Reading Time: < 1 minute

NSA has Issues With Cisco passwords, the agency has issued a document for Cisco users explaining how to make their passwords stronger.

The US National Security Agency has released an advisory [PDF]  that said, “While NSA strongly recommends multi-factor authentication for administrators managing critical devices, sometimes passwords alone must be used. Choosing good password storage algorithms can make exploitation much more difficult.”

In the document, it recommends the only one type of password, Cisco’s Type 8, which uses either Password-Based Key Derivation Function version 2 (PBKDF2), SHA-256, an 80-bit salt – one NSA wit described it as “what Type 4 was meant to be.” 

The users can opt for the second-best Type 6, which uses a 128-bit AES algorithm and is particularly useful for VPN passwords, the NSA notes, although Type 8 is preferable.

NSA warned, “Type 8 should be enabled and used for all Cisco devices running software developed after 2013. Devices running software from before 2013 should be upgraded immediately. Type 6 passwords should only be used if specific keys need to be encrypted and not hashed, or when Type 8 is not available (which typically implies that Type 9 is also unavailable).”

Further, it has advised users not to use Type 0 (plain text), Type 4 – which uses a crippled form of PBKDF2 that’s susceptible to brute-forcing – and Type 7, a Vigenere cipher that can be easily broken.

The NSA strongly recommends users to use long-form passwords and admins limit access privileges for users more strictly, but you know that already.

Related Articles:
Microsoft Offers Advice to Defend against ‘Ice Phishing’ Crypto Scammers
Canonical’s Snap Package Manager Has New Linux Privilege Escalation Flaw
Scammers are using Fake Video Meetings to steal your Money