no service password-encryption and enable secret

Discussion in 'Cisco' started by Hellen, Apr 2, 2004.

  1. Hellen

    Hellen Guest

    If anyone knows, pls help.

    What is the difference between these two commands?

    Thanks a lot!!!!
     
    Hellen, Apr 2, 2004
    #1

  2. Hellen

    Hansang Bae Guest

    In article <>,
    says...
    > If anyone knows, pls help.
    >
    > What is the difference between these two commands?


    The former will show type 7 passwords in clear text in the
    running/startup config. The latter is an md5 hash that cannot be broken
    - to date.


    --

    hsb

    "Somehow I imagined this experience would be more rewarding" Calvin
    *************** USE ROT13 TO SEE MY EMAIL ADDRESS ****************
    ********************************************************************
    Due to the volume of email that I receive, I may not be able to
    reply to emails sent to my account. Please post a followup instead.
    ********************************************************************
     
    Hansang Bae, Apr 2, 2004
    #2

  3. "Hansang Bae" <> wrote in message
    news:...
    > In article <>,
    > says...
    > > If anyone knows, pls help.
    > >
    > > What is the difference between these two commands?

    >
    > The former will show type 7 passwords in clear text in the
    > running/startup config. The latter is an md5 hash that cannot be broken
    > - to date.


    Actually, the password "encryption" is really more of an "obfuscation",
    since it is designed to be easily reversed for things that require access to
    cleartext passwords such as ARAP and CHAP. This is a "Type 7" password,
    which service password-encryption does.

    Secret is a "trapdoor" encryption, an MD5 hash which is not breakable except
    by a dictionary attack. However, since it is not reversible, it cannot be
    used with ARAP or CHAP.

    Cisco also added "username foo secret bar" to allow local username databases
    to take advantage of nonreversible encryption. There is also

    line vty 0 4
    secret foobar

    to replace vty passwords.

    Summary:

    password-encryption, type 7 : reversible.
    secret, type 5, nonreversible.

    Cisco ALSO added a type 6 password, which is also a reversible password
    except that it uses AES encryption. The main difference is that the Cisco
    user gets to provide the reversing salt (type 7 has a fixed reversing
    salt). This makes it much harder to crack, but makes a strongly encrypted
    password available in reversible form. The only problem with type 6 is that
    you cannot paste it between routers unless the routers have identical salts.
    This was done to allow strong encryption of IPSEC preshared keys.

    http://www.cisco.com/en/US/tech/tk583/tk372/technologies_configuration_example09186a00801f2336.shtml


    More details on type 5 and 7 passwords at
    http://archives.neohapsis.com/archives/vuln-dev/1999-q4/0009.html
     
    Phillip Remaker, Apr 3, 2004
    #3
  4. Hellen

    AnyBody43 Guest

    "Phillip Remaker" <> wrote
    > "Hansang Bae" <> wrote
    > > says...
    > > > If anyone knows, pls help.
    > > >
    > > > What is the difference between these two commands?

    > >
    > > The former will show type 7 passwords in clear text in the
    > > running/startup config. The latter is an md5 hash that cannot be broken
    > > - to date.

    >
    > Actually, the password "encryption" is really more of an "obfuscation",
    > since it is designed to be easily reversed for things that require access to
    > cleartext passwords such as ARAP and CHAP. This is a "Type 7" password,
    > which service password-encryption does.

    <... snip ...>

    I agree.

    I think that all Cisco system managers should be aware that
    tools to reverse the type 7 passwords are readily available on
    the internet.


    Thanks for the type 6 comments, very nice stuff.
     
    AnyBody43, Apr 5, 2004
    #4
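
The distinction drawn in this thread (type 7 reversible, type 5 a one-way MD5 hash, type 6 reversible AES), as an added example that is not part of any post: a Python check that reports how each credential in a saved config is stored and flags the cleartext and type 7 ones. The `audit` function, the sample config and its placeholder values are constructed for illustration; a line with no type digit is assumed to hold a cleartext (type 0) value.

```python
import re

# Storage classes as described in the thread; type 0 (no digit) is an assumption.
STORAGE = {
    "0": "cleartext",
    "7": "reversible obfuscation, fixed key",
    "6": "reversible AES, operator-supplied key",
    "5": "non-reversible MD5 hash (dictionary attack still applies)",
}
WEAK = {"0", "7"}  # readable by anyone who obtains the config

# Optional context (enable / username X), keyword, optional type digit, value.
PATTERN = re.compile(
    r"^\s*(?P<ctx>enable|username\s+\S+(?:\s+privilege\s+\d+)?)?\s*"
    r"(?P<kw>password|secret)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)

# Constructed sample config; the stored values are placeholders, not real hashes.
SAMPLE = """\
service password-encryption
enable secret 5 $1$CONSTRUCTED$notARealHashValue000000
enable password 7 00000000000000
username admin password 7 00000000000000
username ops secret 5 $1$CONSTRUCTED$notARealHashValue000001
line vty 0 4
 password cisco
 login
"""

def audit(config_text):
    """Return one finding per credential line; the stored value is never echoed."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = PATTERN.match(line)
        if not m:
            continue  # e.g. "service password-encryption", "line vty 0 4"
        ptype = m.group("type") or "0"
        findings.append({
            "line": lineno,
            "command": " ".join(filter(None, [m.group("ctx"), m.group("kw")])),
            "type": ptype,
            "storage": STORAGE.get(ptype, "unknown type"),
            "weak": ptype in WEAK,
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE):
        flag = "REPLACE WITH SECRET" if f["weak"] else "ok"
        print(f'{f["line"]:>3}  {f["command"]:<24} type {f["type"]}  {f["storage"]}  [{flag}]')
```
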