Hi Karsten,
yes, but I'm not aware at the moment if the intended PBKDF2-based implementation is already available. Any information on that?
I haven't heard about anything, sadly. You know, I find this strange... someone during the coding stage forgets to call the PBKDF2 with the salt, or the call to the function is not done properly - okay, the Type-4 passwords are therefore mere SHA-256 hashes of the original password, so let's deprecate them. But why, after this issue has been identified, no one promptly suggests a Type-X password that use the corrected call to PBKDF2? They wanted to get it correct the first time, they failed (although I wonder how this could have happened, as this is a mistake that should not happen even to an IT student bringing in a trivial seminal thesis using stored passwords), so why don't they just correct it now they know what they screwed up, and release it again?
The software development in Cisco, I hate to say this, is getting from bad to worse. Noting the number of issues with the Catalyst 2960/3560/3750 IOSes discussed here on CSC, the latest issue with the DHCP Snooping - I am just shaking my head. Something is seriously wrong, and I am honestly worried.
Best regards,
Peter
