Cisco Community
English
Register
QUICK UPDATE - Part I of Security Restructure is finished and part II has started. Email and Web Notifications will still be off while content is relabeled - LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Announcements
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

442
Views
3
Helpful
4
Replies
Highlighted
Jimi
Jimi Beginner
Beginner
‎09-03-2017 02:47 AM
‎09-03-2017 02:47 AM

Encryption for TACACS+ user passwords inside ISE2.2's Internal Identity Store

Hi All,

I'll just like to confirm that my understanding of how encryption is currently done for TACACS+ users in ISE 2.2 Internal Identity Store:

With reference to this link: http://pmbuwiki.cisco.com/Products/ISE/Technical/Security#How_is_information_encrypted_in_ISE_for_local_Identity_Storage…

As mentioned in the document above, only the users' passwords (and not the rest of the fields/columns) in the database are hashed using SHA256 and stored without any cryptography "salt" component? May I know what is the recommended approach if customer has an audit compliance requirement that users' passwords have to be hashed and "salted" before kept on any DB?

Best Regards,

Jimmy

Everyone's tags (3)
Reply
4 REPLIES 4
Highlighted
Jimi
Jimi Beginner
Beginner
‎09-03-2017 08:29 AM
‎09-03-2017 08:29 AM

Re: Encryption for TACACS+ user passwords inside ISE2.2's Internal Identity Store

Just to add on, I've also found this thread: https://cisco.jiveon.com/thread/134207

This kind of adds on additional information to the previous document.

However, it still says that non ISE-admin users' passwords are not salted prior to hashing with the AES128.

May I know is this considered acceptable for TACACS+ users' passwords?

Best Regards

0 Helpful
Reply
Highlighted
hslai
hslai Cisco Employee
Cisco Employee
‎09-11-2017 11:20 AM
‎09-11-2017 11:20 AM

Re: Encryption for TACACS+ user passwords inside ISE2.2's Internal Identity Store

Enable passwords are stored the same as regular passwords. Please contact our PM if you have additional requirements.

Reply
Jimi
Jimi Beginner
Beginner
‎09-27-2017 09:30 AM
‎09-27-2017 09:30 AM

Re: Encryption for TACACS+ user passwords inside ISE2.2's Internal Identity Store

Thanks for response. Appreciate if you could also point me in the right direction to the PM for such matters?

0 Helpful
Reply
Highlighted
hslai
hslai Cisco Employee
Cisco Employee
‎09-27-2017 12:51 PM
‎09-27-2017 12:51 PM

Re: Encryption for TACACS+ user passwords inside ISE2.2's Internal Identity Store

I just emailed you separately on this.

0 Helpful
Reply
Latest Contents
ise 2.6 redirect URL isssue
Created by Mike Co on 02-20-2020 05:06 PM
0
0
0
0
Questionhello all , i have a issue about the ise 2.6 redirect url, when i finish ise configuration and try to web auth, what i got  shown as below:Redirect URL : https://ip:port/portal/gateway?mac=ClientMacValue&portal=27041710-2e58-11e9-98fb 005... view more
Community Live video- How to optimize your Cisco Security in...
Created by ciscomoderator on 02-20-2020 03:24 PM
0
0
0
0
Community Live video- How to optimize your Cisco Security investments with Threat Response (Live event - formerly known as Webcast-  Tuesday February 18, 2020 at 10 am Pacific/ 1 pm Eastern / 7 pm Paris) This event had place on Tuesday 18th, Februa... view more
#CiscoChat Live - RSAC 2020: Securing What’s Now and What’s ...
Created by Kelli Glass on 02-20-2020 02:39 PM
1
0
1
0
Join us live from the RSAC show floor on Tuesday, February 25 at 12:30 pm PT (and on demand after) for a livestreaming event that captures the excitement of RSAC and shares the latest from Cisco Security. Host Jason Wright will be joined by Cisco exe... view more
#CiscoChat Live - RSAC 2020: Securing What’s Now and What’s ...
Created by Kelli Glass on 02-20-2020 02:24 PM
0
0
0
0
Join us live from the RSAC show floor on Tuesday, February 25 at 12:30 pm PT (and on demand after) for a livestreaming event that captures the excitement of RSAC and shares the latest from Cisco Security. Host Jason Wright will be joined by Cisco exe... view more
FAQ Community Live- How to optimize your Cisco Security inve...
Created by ciscomoderator on 02-20-2020 12:02 PM
0
0
0
0
QuestionAnswer   This event had place on Tuesday 18th, February 2020 at 10hrs PDT  Introduction   Featured Expert Ben Greenbaum is a Technical Marketing Engineer with over twenty years of experience in the Cyber Threat Intelligence fie... view more
CreatePlease to create content
Discussion
Blog
Document
Video