The enhanced password security feature, introduced in Cisco IOS 12.0(18)S, allows an admin to configure MD5 encryption for passwords. Before this feature, Type 7 passwords used weak encryption that can be cracked easily, and clear text (Type 0) passwords are, as anyone would know, completely insecure. Anyone who gains access to privileged mode can view or decrypt these passwords.

 
To configure enhanced password security, create a user with MD5 password encryption from global configuration mode as follows:

MD5 Encryption on clear text password:

You can enter a clear text password, which will be encrypted using the MD5 algorithm:

ciscorouter(config)# username ciscoadmin secret ciscopass

where ciscoadmin is the user and "ciscopass" is the clear text password, which is then converted into MD5 encrypted text.

This is equivalent to

ciscorouter(config)# username ciscoadmin secret 0 ciscopass

where "0" (the default) indicates MD5 encryption of a clear text password.

MD5 encrypted text as password

To enter an MD5 encrypted password instead of a clear text password:

ciscorouter(config)# username ciscoadmin secret 5 $1$feb0$a104Qd9UZ./Ak00KTggPD0

where "5" indicates that the entered password is already MD5 encrypted text.

To verify the logins with MD5 encryption:

Clear Text password

ciscorouter# show running-config
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ciscorouter
!
logging rate-limit console 10 except errors
no logging console
enable secret 0 $1$53Ew$Dp8.E4JGpg7rKxQa49BF9/
!
username ciscoadmin secret 5 $1$fBYK$rH5/OChyx/
!

MD5 encrypted text entered as password

ciscorouter# show running-config
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ciscorouter
!
logging rate-limit console 10 except errors
no logging console
enable secret 5 $1$feb0$a104Qd9UZ./Ak00KTggPD0
!
username ciscoadmin secret 5
!
ip subnet-zero

Here the MD5 encrypted password that was entered is not itself displayed against the username.
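An added example (not part of the original post): a short Python check that reads a saved configuration and labels each "enable" and "username" credential line by the password types discussed above (0 clear text, 5 MD5, 7 weak). The "password" keyword forms, the function names and the sample configuration are assumptions introduced for illustration.

```python
import re

# Credential lines: "enable ..." or "username <name> ...", then secret|password,
# an optional type digit, and the stored value.
CRED_RE = re.compile(
    r"^\s*(?:username\s+(?P<user>\S+)|enable)\s+"
    r"(?P<kw>secret|password)\s+(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)

# (keyword, type) -> label. A missing type digit is treated as "0" (clear text).
LABELS = {
    ("password", "0"): "cleartext",
    ("password", "7"): "type7-weak",
    ("secret", "0"): "cleartext-input",  # clear text in the file; hashed on entry
    ("secret", "5"): "type5-md5",
}

def audit(config_text):
    """Return (line_number, account, label) for every credential line."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = CRED_RE.match(line)
        if not m:
            continue
        account = m["user"] or "enable"
        ptype = m["type"] or "0"
        label = LABELS.get((m["kw"], ptype), f"type{ptype}-unclassified")
        findings.append((lineno, account, label))
    return findings

def needs_attention(findings):
    """Accounts whose value is readable as clear text or stored as Type 7."""
    weak = {"cleartext", "cleartext-input", "type7-weak"}
    return sorted({acct for _, acct, label in findings if label in weak})

# Constructed sample configuration (not from a real device; values are placeholders).
SAMPLE = """\
hostname ciscorouter
enable secret 5 $1$xxxx$PLACEHOLDERxxxxxxxxxxx
username ciscoadmin secret 5 $1$xxxx$PLACEHOLDERxxxxxxxxxxx
username backup password 0 EXAMPLE-ONLY
username legacy password 7 0000000000
username oper password EXAMPLE-ONLY
"""

if __name__ == "__main__":
    for lineno, account, label in audit(SAMPLE):
        print(f"line {lineno}: {account:<12} {label}")
    print("review:", ", ".join(needs_attention(audit(SAMPLE))))
```

Accounts listed under "review" are the ones to re-enter with the secret keyword so that only the MD5 form is stored.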


2 Comments so far »

  1. by md5pass, on October 19 2010 @ 5:35 am

     

    I’ll try these steps to manage my Cisco.. thanks bro..

  2. by Worthington, on December 24 2010 @ 11:45 pm

     

    Sir,
    Will you please decrypt a hash to a plain text password? The hash is
    2af108d485a26d3a2384d4da35c7bcd7.
    Please send it to my email address.
    tdhritiman@yahoo.in
