Finally…strong ESX 4.1 root passwords. SHA512 baby!

Historically VMware has not used the strongest hashing algorithms to store root passwords on ESXi or ESX hosts. To make matters worse, ESX/i 4.1 had a major security hole that was open for over four months, which you can read about here. The short story is that only the first 8 characters of a root password were actually checked on ESX/i 4.1. The screw-up on VMware’s part was using plain DES-based crypt (not even 3DES) for password hashing, and traditional DES crypt silently ignores everything past the eighth character. DES is a joke, and even 3DES is not considered secure. One workaround for this major hole was to switch to MD5 hashing, but even that is not considered secure.

A couple of days ago VMware published a KB article on how to increase the password hash strength by switching to SHA512. SHA512 is considered secure and is very well respected, so I applaud VMware for publishing an article on how to enable it. I am still shocked it took VMware four months to publish a patch to plug the 8 character password hole.

I can only hope that 4.1 U1 and future releases use SHA512 by default. Having to hack system files to increase security is not my idea of a fun time.
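To check which hash algorithm a host is actually using after following the KB article, the crypt(3) prefix in each shadow entry tells you: no `$` prefix means traditional DES crypt, `$1$` is MD5 and `$6$` is SHA512. The audit script below is an added example (not VMware's KB or any ESX tool); it assumes the standard crypt(3) shadow format and runs over constructed sample lines, not hashes from a real host.

```python
import re

# Constructed sample /etc/shadow lines (not from a real host); the hash
# values are made up and only illustrate each format's shape.
SAMPLE_SHADOW = """\
root:abJnggxhB/yWI:15000:0:99999:7:::
vpxuser:$1$saltsalt$0123456789abcdefghijklm:15000:0:99999:7:::
admin:$6$saltsalt$abcdefghijklmnopqrstuvwxyz0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789abcdefghijklmnopqr:15000:0:99999:7:::
nobody:*:15000:0:99999:7:::
"""

# Traditional DES crypt: exactly 13 chars from the crypt base64 alphabet,
# no "$" prefix. Only the first 8 password characters influence this hash.
_DES_RE = re.compile(r"^[./0-9A-Za-z]{13}$")

# crypt(3) modular prefixes and whether we consider them weak for root.
_PREFIXES = {"$1$": ("md5-crypt", True),
             "$5$": ("sha256-crypt", False),
             "$6$": ("sha512-crypt", False)}


def classify_hash(h):
    """Return (algorithm name, is_weak) for one shadow password field."""
    if h == "":
        return ("empty", True)            # no password at all
    if h[0] in "*!":
        return ("locked", False)          # account cannot log in with a password
    for prefix, info in _PREFIXES.items():
        if h.startswith(prefix):
            return info
    if _DES_RE.match(h):
        return ("des-crypt", True)        # the 8-character truncation case
    return ("unknown", True)              # unrecognised: treat as needing review


def audit_shadow(text):
    """Map user -> (algorithm, is_weak) for every entry in shadow-format text."""
    result = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, pw_hash = line.split(":", 2)[:2]
        result[user] = classify_hash(pw_hash)
    return result


def weak_accounts(text):
    """Users whose stored hash should be re-set once SHA512 crypt is enabled."""
    return [u for u, (_, weak) in audit_shadow(text).items() if weak]


if __name__ == "__main__":
    for user, (algo, weak) in audit_shadow(SAMPLE_SHADOW).items():
        print(f"{user:10s} {algo:14s} {'WEAK' if weak else 'ok'}")
```

Note that enabling SHA512 only changes how new passwords are stored, so existing root hashes stay DES or MD5 until the password is set again; the audit shows which accounts still need that.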
