What's Type 5 and what's Type 7

workfrom925workfrom925 Posts: 196Member
From Cisco NetAcademy: "Cisco recommends that Type 5 encryption be used instead of Type 7 whenever possible. MD5 encryption is a strong encryption method. It should be used whenever possible. It is configured by replacing the keyword password with secret."

Is it saying the command "enable secret XXXX" uses type 5 encryption? It says "it should be used whenever possible". Does it mean Type 5 is the strongest encryption?

Comments

  • Vask3nVask3n Posts: 517Member
    The Type 7 is actually not a hash but a reversable weak encryption whose purpose is to prevent against shoulder-surfing or realizing what the password is just by looking at the config- however, it can easily be reversed using a number of methods including online sites. Type 5 refers to a hashed password, which is irreversible.
    Working on MS-ISA at Western Governor's University
  • Carpe PorcusCarpe Porcus Posts: 84Member ■■□□□□□□□□
    Level 7 uses a cypher which scrambles the password so the text displayed is different from that you typed, illustrated when you issue the show running-config command:

    password 7 03075218050061

    This is a first line defense against someone who has physical access and is easily broken if you care to Google the correct phrase you'll get sites that will reveal the password.

    However, level 5 is slightly different:

    enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

    Is uses MD5 encryption and to my knowledge this hasn't yet been cracked.

    The easiest way to remember is that MD5 displays 5 before the password and should always be used instead of level 7.
    “I'm always admitting I'm wrong. That's how I eventually get to right.”
Sign In or Register to comment.