Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

secret 8 and 9 vs. secret 4

Hi all

not a long time ago, Cisco introduced the secret 4 (for enable secret and username), now this secret 4 no longer seems to be an option (within the 3650 switch with the IOS-XE 03.03.01SE. There are the hashes 8 (PBKDF2) and 9 (SCRYPT) instead. For me this is new, is there a documentation which describes the function of these two options 8 and 9? Why is the option 4 no longer availalbe, is there any security concerns? Should be AES-256 as as far as I know, this option is really secure.

Thank you

Markus

4 REPLIES

secret 8 and 9 vs. secret 4

There are two different things at work here. First is the encryption of a password. For example, when you create your enable password, it is encrypted. The second part is the device encrypting the password in the config so they can't be reversed and recovered. That's done with service password-encryption aes. I thought level 4 was AES-SHA256, but I'm not 100% sure. I'd bet it's different on each platform as well.

Re: secret 8 and 9 vs. secret 4

Secret 4 was determined to have a flaw and was removed in later versions of iOS.

Sent from Cisco Technical Support iPad App

New Member

secret 8 and 9 vs. secret 4

Hi,

while secret 4 was an attempt to implement something more secure than is classic MD5 hashes (secret 5), the implementation itself was severly flawed in multiple respects. It failed to actually implement most of the aspects that would have made that SHA256-based hash secure, first of all it lacked salting. This was even obvious from the configuration - identical passwords lead to identical encoded hash strings. It still took months and some external researchers to notify Cisco that something is wrong, and it ended with a PSIRT advisory roughly a year ago. And then, for the following several months, latest IOS versions still bugged you to use secret 4 even when you insisted on old-but-at-least-salted MD5 secrets. I've even used an external generator to avoid this pitfall until fixed implementations finally made it to customers (which is what happened over the last weeks). Now secret 5 is again the default (when you just enter "enable secret bla", it will generate an MD5 hash again) and the new solutions are pushed a lot less aggressively than was the disaster of secret 4. Give them a year for some external cryptologists to seriously probe them before ever touching them.

BTW, secret 4 had to go as it was unfixable - they could have implemented the method correctly, but it would have invalidated all the hashes existing in configurations out there. It's still getting an interesting transition period now, away again from busted secret 4...

Sorry for the rant, but this has been a "pet peeve" of mine, I had to discuss this with a lot of customers over the last 9 months or so...

HTH,

Andre.

New Member

This is an old thread but in

This is an old thread but in case anyone else bumps into it let me give a little more info on the type-8 and type-9 passwords:

 

Type-8 passwords are what type-4 were meant to be: PBKDF2  (Password-Based Key Derivation Function 2) with 20000 iterations of SHA-256. While good, this is still vulnerable to brute-forcing since SHA-256 is easy to implement VERY fast in ASICS or graphics cards. That is not to say its easy, and in fact if you choose good passwords it is close to impossible, but it is doable

 

Type 9: Type 9 passwords use the scrypt algorithm from the crypto-currency guys. Its whole goal is to ensure that it is expensive to run the algorithm. It does this first by being hard to run in parallel and by requiring a tradeoff: Either use lots of memory and be fast or a little memory and be slow. The trick there is that ASICS and graphics cards don't have enough memory (memory BW) to run fast so in practice it is VERY SLOW to run this algorithm. The other interesting thing is that inside the algorithm is....Lots of PBKDF2 so in Scrypt you combine the best of both.

 

Bottom line: Either one of these is WAY more secure then type 5's and almost infinity more secure then the horrible broken type 4's.

 

5211
Views
20
Helpful
4
Replies
CreatePlease to create content