service password-encryption vs. enable password

mguy Member Posts: 167
service password-encryption vs. enable secret
---

I thought the enable secret is already encrypted? What are the differences between these two commands?

*so sorry, I meant "enable secret" for the encrypted password (on the subject line)

Comments

  • fsanyee Member Posts: 171
    enable secret: only the enable password is encrypted
    service password-encryption: all passwords on a device are encrypted (vty, con....)
  • Ltat42a Member Posts: 587
    The enable-secret option encrypts your password when you configure the router. When someone looks at your running config, it will not display your "enable" password. However, if you DO NOT use the service password option, when someone views your running config, it will display all passwords except the "enable secret". It will show what your password is for your console line, and VTY (Telnet). When you DO use the service password-encryption, when someone views your running config, those passwords will NOT be displayed.

    Like this:
    Current configuration : 748 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname R1
    !
    !
    !
    enable secret 5 $1$mERr$GvDaTJK9lhdXRUPWKA74O0
    !
    - snip -

    line con 0
    password cisco
    login
    line vty 0 4
    password letmein
    login


    Here's service password-encryption enabled

    Current configuration : 765 bytes
    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    service password-encryption
    !
    hostname R1
    !
    !
    !
    enable secret 5 $1$mERr$GvDaTJK9lhdXRUPWKA74O0

    - snip -

    !
    line con 0
    password 7 0822455D0A16
    login
    line vty 0 4
    password 7 082D495A041C0C19
    login
    !

    Can't see these passwords!!

    HTH
  • Roguetadhg Member Posts: 2,489
    Just be aware of this: IFM - Cisco Password Cracker
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams

  • ciscoman2012 Member Posts: 313
    The best way I like to remember it is:

    Enable Secret: hashes your enable password so that even if someone has access to the configuration and could copy / paste the code into a Cisco Password Cracker they still wouldn't be able to figure out what the correct password is.

    Service password-encryption: This is used for encrypting all your passwords so that they cannot be easily read by people watching you configure the switch over your shoulder. It is a lot better having the passwords not show clear text as then other people who don't need to be accessing the switch still do not know. Now, you don't want to be passing around your configs to everyone because if they get the config and copy / paste the password, even with service password-encryption enabled, it will be easily crackable in many websites. The only secure way is using enable secret.
  • sizeon Member Posts: 321
    enable secret is automatically encrypted when set. Also, it sets a "password" in order to log into privilege exec mode.
    service password-encryption is a command that encrypts passwords after you reload the device or do a show run command.

    Please take note that a "secret" is preferred by the device over a "password".
  • nikooo Registered Users Posts: 2
    The basics were already described in previous posts, but if we want some reference to Cisco: Cisco IOS Password Encryption Facts - Cisco Systems
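An added example, not part of the thread or any Cisco tool: a small Python audit that reports how each enable and line password in a saved config is stored, following the distinction the replies draw between cleartext, type 7 and the type 5 secret. The sample config is constructed from the R1 output posted above, and the function names and verdict labels are assumptions of this example.

```python
import re

# Constructed sample based on the R1 output in the thread, one line per storage type.
SAMPLE_CONFIG = """\
hostname R1
no service password-encryption
enable secret 5 $1$mERr$GvDaTJK9lhdXRUPWKA74O0
line con 0
 password cisco
 login
line vty 0 4
 password 7 082D495A041C0C19
 login
"""

# 'enable password|secret' and line-level 'password', with an optional type digit.
CRED_RE = re.compile(r"^\s*(?:enable\s+)?(password|secret)\s+(?:(\d)\s+)?(\S+)\s*$")

RATING = {
    "0": ("cleartext", "FAIL"),
    "7": ("type 7, reversible obfuscation", "WARN"),
    "5": ("type 5, salted MD5 hash", "OK"),
}

def service_encryption_enabled(config_text):
    """True only for the positive form, not 'no service password-encryption'."""
    return any(l.strip() == "service password-encryption"
               for l in config_text.splitlines())

def audit(config_text):
    """Return (location, storage, verdict) per credential line; the secret is never echoed."""
    findings, section = [], "global"
    for raw in config_text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("!"):
            continue
        if not raw[0].isspace():  # unindented line: global command or new section
            section = stripped if stripped.startswith("line ") else "global"
        m = CRED_RE.match(raw)
        if m:
            ptype = m.group(2) or "0"  # no type digit means stored as typed
            storage, verdict = RATING.get(ptype, (f"type {ptype}", "REVIEW"))
            where = f"enable {m.group(1)}" if stripped.startswith("enable") else section
            findings.append((where, storage, verdict))
    return findings

if __name__ == "__main__":
    print("service password-encryption:", service_encryption_enabled(SAMPLE_CONFIG))
    for where, storage, verdict in audit(SAMPLE_CONFIG):
        print(f"{verdict:6} {where}: {storage}")
```

The audit covers only `enable` and `line` passwords as they appear in the thread; other credential lines such as `username` entries are not parsed.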