Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
2300
Views
3
Helpful
4
Replies

Encryption for TACACS+ user passwords inside ISE2.2's Internal Identity Store

Jimi
Level 1
Level 1

‎09-03-2017 02:47 AM

Hi All,

I'll just like to confirm that my understanding of how encryption is currently done for TACACS+ users in ISE 2.2 Internal Identity Store:

With reference to this link: http://pmbuwiki.cisco.com/Products/ISE/Technical/Security#How_is_information_encrypted_in_ISE_for_local_Identity_Storage…

As mentioned in the document above, only the users' passwords (and not the rest of the fields/columns) in the database are hashed using SHA256 and stored without any cryptography "salt" component? May I know what is the recommended approach if customer has an audit compliance requirement that users' passwords have to be hashed and "salted" before kept on any DB?

Best Regards,

Jimmy

1 person had this problem
4 Replies 4

Jimi
Level 1
Level 1

‎09-03-2017 08:29 AM

Just to add on, I've also found this thread: https://cisco.jiveon.com/thread/134207

This kind of adds on additional information to the previous document.

However, it still says that non ISE-admin users' passwords are not salted prior to hashing with the AES128.

May I know is this considered acceptable for TACACS+ users' passwords?

Best Regards

0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to Jimi

‎09-11-2017 11:20 AM

Enable passwords are stored the same as regular passwords. Please contact our PM if you have additional requirements.

Jimi
Level 1
Level 1

‎09-27-2017 09:30 AM

Thanks for response. Appreciate if you could also point me in the right direction to the PM for such matters?

0 Helpful

hslai
Cisco Employee
Cisco Employee
In response to Jimi

‎09-27-2017 12:51 PM

I just emailed you separately on this.

0 Helpful
Customers Also Viewed These Support Documents
Top