<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Hash on Remko's Blog</title><link>https://remkoweijnen.nl/blog/tags/hash/</link><description>Recent content in Hash on Remko's Blog</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Wed, 13 Dec 2017 13:53:08 +0000</lastBuildDate><atom:link href="https://remkoweijnen.nl/blog/tags/hash/index.xml" rel="self" type="application/rss+xml"/><item><title>Change NetScaler Password Hash from SHA1 to SHA512</title><link>https://remkoweijnen.nl/blog/2017/12/13/change-netscaler-password-hash-sha1-sha512/</link><pubDate>Wed, 13 Dec 2017 13:53:08 +0000</pubDate><guid>https://remkoweijnen.nl/blog/2017/12/13/change-netscaler-password-hash-sha1-sha512/</guid><description>&lt;p&gt;This morning I wanted to install the NetScaler patch for the TLS padding vulnerability and of course I made a backup before deploying it.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Note&lt;/strong&gt;: If you haven&amp;rsquo;t installed this patch yet I would recommended to do so: see &lt;a href="https://support.citrix.com/article/CTX230238"&gt;CTX230238&lt;/a&gt; and check out the &lt;a href="https://robotattack.org/"&gt;ROBOT attack -Return Of Bleichenbacher&amp;rsquo;s Oracle Threat&lt;/a&gt; page to check which other products you may have that are vulnerable.&lt;/p&gt;
&lt;p&gt;Upon checking the backups (I always download the backup and verify that the archive is intact) I noticed that one of my NetScaler&amp;rsquo;s uses SHA1 for the password hash whilst the other one uses SHA512:&lt;/p&gt;
&lt;p id="NVylnDh"&gt;&lt;a href="https://remkoweijnen.nl/blog/wp-content/uploads/2017/12/image.webp" class="glightbox" data-type="image" data-gallery="post-4167"&gt;&lt;img loading="lazy" decoding="async" style="display: inline;" title="image" src="https://remkoweijnen.nl/blog/wp-content/uploads/2017/12/image_thumb.webp" alt="image" width="432" height="90" /&gt;&lt;/a&gt;&lt;/p&gt;
I thought that this was a little strange as both NetScaler's are running the exact same build. However one of them (the one that uses SHA512) was reinstalled recently whilst the one using SHA1 has been upgraded.</description></item></channel></rss>