Cisco continues to strengthen the security in and around its products, solutions, and services. This week Cisco began providing a Secure Hash Algorithm 512-bit (SHA512) checksum to validate downloaded images on www.cisco.com. Cisco already provided a Message Digest 5 (MD5) checksum as the secure hash of the software, but the newer SHA512 hash value is now generated for all software images, creating a unique output that is more secure than that of the MD5 algorithm.
The SHA512 checksum (512 bits) output is represented by 128 characters in hex format, while MD5 produces a 128-bit (16-byte) hash value, typically expressed in text format as a 32-digit hexadecimal number.
The following example provides a comparison of the output of an SHA512 checksum with an MD5 checksum for a Cisco ASA software image (asa941-smp-k8.bin).
The SHA512 value is available during the download process and can be used by customers for software image validation. The following is an example of the new SHA512 checksum of a Cisco ASA Software image.
SHA512 CHECKSUM CISCO ASA SOFTWARE EXAMPLE
In the following example, the shasum tool is used to validate the software image that was downloaded from www.cisco.com.
bash-3.2$ shasum -a 512 asa933-smp-k8.bin
e2a8b6b47dc784c263c36758c788e0b8835b1c1caaf23747d21cea93875ce60cc0069f98c0c9a988e440e92bd2be9c1be85525c78a16047779abddfe89705e51  asa933-smp-k8.bin
In the previous example, the SHA512 checksum matches the one displayed on the Cisco Software Download site.
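Comparing 128 hex characters by eye is error-prone, so the check can be scripted. The following is an added example, not Cisco code: the function names and script name are assumptions, and it uses sha512sum where available and shasum otherwise. It normalises a pasted value (wrapped or upper-case) and rejects a 32-character MD5 value supplied by mistake.

```shell
#!/usr/bin/env bash
# Added example (not Cisco code): check a downloaded image against the
# SHA512 value shown on the download page.

# Print the SHA-512 hex digest of a file. Reading from stdin keeps the
# file name out of the tool's output and avoids names starting with "-".
sha512_of() {
    if command -v sha512sum >/dev/null 2>&1; then
        sha512sum < "$1" | cut -d' ' -f1
    else
        shasum -a 512 < "$1" | cut -d' ' -f1
    fi
}

# verify_sha512 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_sha512() {
    local file expected actual
    file=$1
    # Pasted values are often wrapped or upper-case: drop whitespace, lowercase.
    expected=$(printf '%s' "$2" | tr -d '[:space:]' | tr 'A-F' 'a-f')
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    case $expected in
        *[!0-9a-f]*) echo "expected value is not hexadecimal" >&2; return 2 ;;
    esac
    case ${#expected} in
        128) ;;  # SHA512: 512 bits = 128 hex characters
        32)  echo "32 hex characters is an MD5 value, not SHA512" >&2; return 2 ;;
        *)   echo "expected 128 hex characters, got ${#expected}" >&2; return 2 ;;
    esac
    actual=$(sha512_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file"
        return 0
    fi
    echo "MISMATCH: $file" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# Usage: ./verify.sh <image> <sha512-from-download-page>
if [ "$#" -eq 2 ]; then
    verify_sha512 "$1" "$2"
fi
```

A non-zero exit status means the image should not be installed until the download and the published value have been rechecked.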
The Cisco ASA also supports SHA512 checksum validation with the verify /sha-512 command, as demonstrated in the following example.
In the previous example, the software image asa941-smp-k8.bin is verified.
The SHA512 checksum verification is one of the many technologies and processes that allow the customer to validate the integrity of the product. The following white papers provide additional resources on how to perform device integrity checks in Cisco IOS and Cisco IOS XE devices.