Friday, March 16, 2012


The enhanced password security feature in Cisco IOS, introduced in 12.0(18)S, allows an admin to configure MD5 encryption for passwords. Prior to this feature, Type 7 passwords used a weak encryption that can be cracked easily, and the clear text password (Type 0), as anyone would know, is completely insecure. Anyone who can gain access to privileged mode can view or decrypt these passwords.

To configure enhanced password security, create a user with MD5 password encryption as follows from the Global configuration mode:

MD5 encryption on a clear text password:
You can enter a clear text password, which will be encrypted using the MD5 algorithm:
ciscorouter(config)# username ciscoadmin secret ciscopass
where ciscoadmin is the user and "ciscopass" is his clear text password, which will then be converted into MD5 encrypted text.
This is equivalent to
ciscorouter(config)# username ciscoadmin secret 0 ciscopass
where "0" [default] indicates MD5 encryption on a clear text password.

MD5 encrypted text as password:
To enter an MD5 encrypted password instead of a clear text password:
ciscorouter(config)# username ciscoadmin secret 5 $1$feb0$a104Qd9UZ./Ak00KTggPD0
where "5" indicates that the entered password is MD5 encrypted text.

To verify the logins with MD5 encryption,
Clear Text password
ciscorouter# show running-config
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ciscorouter
!
logging rate-limit console 10 except errors
no logging console
enable secret 0 $1$53Ew$Dp8.E4JGpg7rKxQa49BF9/
!
username ciscoadmin secret 5 $1$fBYK$rH5/OChyx/!



MD5 encrypted text entered as password
ciscorouter# show running-config
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ciscorouter
!
logging rate-limit console 10 except errors
no logging console
enable secret 5 $1$feb0$a104Qd9UZ./Ak00KTggPD0
!
username ciscoadmin secret 5!
ip subnet-zero

Here the MD5 encrypted password that was entered is not itself displayed against the username.
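
An added example, not part of the original post: a short Python check that reads a saved configuration and flags credential lines that are not stored as Type 5 MD5 secrets (clear text Type 0, Type 7, or a Type 5 value that is not a complete $1$salt$digest string). The function names and the sample configuration are constructed for illustration; the Type 5 string is the one used above.

```python
import re

# "enable secret|password ..." or "username NAME secret|password ..."
CRED_RE = re.compile(
    r"^\s*(?:enable|username\s+(?P<user>\S+))\s+(?P<kw>secret|password)"
    r"(?:\s+(?P<type>[057]))?(?:\s+(?P<value>\S+))?\s*$"
)
# Type 5 layout: $1$<salt, 1-8 chars>$<22-char digest> (md5crypt alphabet)
TYPE5_RE = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")

def classify(kw, ptype, value):
    """Return (severity, reason) for one credential line."""
    if value is None:
        return "WARN", "no credential value on the line"
    if kw == "password":
        if ptype == "7":
            return "HIGH", "type 7 password is reversible"
        return "HIGH", "clear-text (type 0) password"
    if ptype == "5":
        if TYPE5_RE.match(value):
            return "OK", "type 5 MD5 secret"
        return "WARN", "type 5 value is not a well-formed $1$salt$digest string"
    return "HIGH", "secret stored as clear text in this file"

def audit(config_text):
    """Return a list of (line_no, account, severity, reason) tuples."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = CRED_RE.match(line)
        if m:
            account = m.group("user") or "enable"
            sev, why = classify(m.group("kw"), m.group("type"), m.group("value"))
            findings.append((no, account, sev, why))
    return findings

# Constructed sample config (hypothetical users, not captured from a device).
SAMPLE = """\
hostname ciscorouter
enable secret 5 $1$feb0$a104Qd9UZ./Ak00KTggPD0
username ciscoadmin secret 5 $1$feb0$a104Qd9UZ./Ak00KTggPD0
username operator password 7 0000000000
username guest password 0 guestpass
username backup secret 5
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Run it against a copy of the configuration file rather than on the device; anything reported as HIGH should be re-entered with the secret keyword.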
