In an interesting revelation, it is stated that CISCO has recently started using a different method for storing users' passwords, one that involves shifting from MD5 to SHA256 and that makes passwords more vulnerable to cracking.
We are aware that MD5 is reportedly compromised, and in fact the Indian CCA has dis-accredited the MD5 algorithm for digital signature purposes and shifted to SHA256/512.
According to security experts, the new password storing system converts passwords into a SHA256 hash code using a single iteration and without any cryptographic salt (random data input).
The earlier method is reported to have used 1000 iterations of the MD5 hash with a cryptographic salt added to each password. This is said to make cracking slower and to require more tries.
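The difference between the two storage schemes described above can be seen in a short Python sketch, added here as an illustration and not taken from CISCO or from the reports cited. The function names and the sample accounts are constructed, and the iterated MD5 routine is a simplified stand-in (plain hash chaining), not the exact construction used on any device.

```python
import hashlib
import os
from collections import defaultdict

ITERATIONS = 1000  # iteration count the article attributes to the earlier method


def unsalted_sha256(password: str) -> str:
    """New scheme as described: one SHA256 pass, no salt."""
    return hashlib.sha256(password.encode()).hexdigest()


def salted_iterated_md5(password: str, salt: bytes, iterations: int = ITERATIONS) -> str:
    """Simplified stand-in for the earlier scheme (assumption: plain chaining).
    Every guess costs `iterations` MD5 calls and must be redone per salt."""
    digest = hashlib.md5(salt + password.encode()).digest()
    for _ in range(iterations - 1):
        digest = hashlib.md5(salt + digest).digest()
    return digest.hex()


def shared_hash_groups(stored: dict) -> list:
    """Audit helper: groups of users whose stored values are identical."""
    groups = defaultdict(list)
    for user, value in stored.items():
        groups[value].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


# Constructed sample accounts; two users chose the same password.
ACCOUNTS = {"alice": "Winter2013!", "bob": "Winter2013!", "carol": "x9#Lq!7pZt"}


def build_stores(accounts=ACCOUNTS):
    """Return (unsalted, salted) stored-value tables for the same accounts."""
    unsalted = {u: unsalted_sha256(p) for u, p in accounts.items()}
    salts = {u: os.urandom(8) for u in accounts}  # fresh random salt per user
    salted = {u: salts[u].hex() + "$" + salted_iterated_md5(p, salts[u])
              for u, p in accounts.items()}
    return unsalted, salted


if __name__ == "__main__":
    unsalted, salted = build_stores()
    print("identical stored values, unsalted:", shared_hash_groups(unsalted))
    print("identical stored values, salted:  ", shared_hash_groups(salted))
```

Without a salt, equal passwords produce equal stored values, so one computed hash can be compared against every account at once; with a per-user salt and 1000 iterations, each account has to be worked on separately at 1000 times the hashing cost per try.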
Security specialists have also pointed out that at present relatively inexpensive systems outfitted with 2 AMD Radeon 6990 graphics cards and working with the “Hashcat” password cracking program can make 2.8 billion cracking tries per second.
CISCO is reported to have acknowledged the issue and stated that adoption of the low security method was forced by certain implementation problems.
Hopefully CISCO is working on setting right the weakness.