enable password vs enable secret vs service password-encryption
Even if you have passed the CCNA or higher certifications, there’s always something which still teases your mind and challenges your technical knowledge.
I am talking about password encryption in Cisco routers. I did some research and investigated it myself.
From the official Cisco IOS Password Encryption Facts webpage:
“To determine which scheme has been used to encrypt a specific password, check the digit preceding the encrypted string in the configuration file. If that digit is a 7, the password has been encrypted using the weak algorithm. If the digit is a 5, the password has been hashed using the stronger MD5 algorithm.”
7 = type 7, weak encryption (reversible encryption)
enable password = plain text enable password in configuration file (show running-config)
enable secret = hashes the enable password using the MD5 hashing algorithm. The password appears only as a hash in the configuration file (show running-config).
According to Cisco, the “enable password command should no longer be used”. Instead use the enable secret command.
From the official Cisco webpage:
“Enable secrets are hashed using the MD5 algorithm. As far as anyone at Cisco knows, it is impossible to recover an enable secret based on the contents of a configuration file (other than by obvious dictionary attacks).”
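The digit rule quoted above can be applied to a saved configuration to find credentials that are stored in plain text or with the reversible type 7 scheme. The following is an added example, not code from Cisco or from the original post; the sample configuration is constructed, the function names are hypothetical, and treating a missing digit (or 0) as plain text is an assumption of this example.

```python
import re

# Credential lines: "enable password|secret ...", "username X password|secret ...",
# and a bare "password ..." under a line block. The optional digit is the scheme.
CRED_RE = re.compile(
    r"^\s*(?:enable\s+|username\s+\S+\s+(?:privilege\s+\d+\s+)?)?"
    r"(password|secret)\s+(?:(\d)\s+)?(\S+)\s*$"
)

# Digits 7 and 5 follow the Cisco text quoted above. Treating a missing
# digit (or 0) as plaintext is this example's assumption.
SCHEMES = {None: "plaintext", "0": "plaintext", "7": "type7-weak", "5": "type5-md5"}
WEAK = {"plaintext", "type7-weak"}

def classify(line):
    """Return the storage scheme of a credential line, or None if it is not one."""
    m = CRED_RE.match(line)
    if not m:
        return None
    digit = m.group(2)
    return SCHEMES.get(digit, f"type{digit}-other")

def audit(config_text):
    """Return (line_number, scheme) per credential line; values are never echoed."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        scheme = classify(line)
        if scheme is not None:
            findings.append((lineno, scheme))
    return findings

def weak_lines(config_text):
    """Line numbers whose credential is recoverable from the config file."""
    return [n for n, scheme in audit(config_text) if scheme in WEAK]

# Constructed sample, not a real device configuration; strings are placeholders.
SAMPLE_CONFIG = """\
hostname R1
service password-encryption
enable password cisco123
enable secret 5 $1$CONSTRUCTED$notARealHashValue000000
username admin password 7 000000000000
line vty 0 4
 password 7 111111111111
 login
"""

if __name__ == "__main__":
    for n, scheme in audit(SAMPLE_CONFIG):
        print(f"line {n}: {scheme} [{'REVIEW' if scheme in WEAK else 'ok'}]")
```

Lines flagged for review are candidates for replacement with enable secret or an equivalent hashed form, and any backup containing them should be treated as holding the passwords themselves.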