What's Type 5 and what's Type 7

From Cisco NetAcademy: "Cisco recommends that Type 5 encryption be used instead of Type 7 whenever possible. MD5 encryption is a strong encryption method. It should be used whenever possible. It is configured by replacing the keyword password with secret."

Is it saying the command "enable secret XXXX" uses type 5 encryption? It says "it should be used whenever possible". Does it mean Type 5 is the strongest encryption?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

Vask3n

The Type 7 is actually not a hash but a reversable weak encryption whose purpose is to prevent against shoulder-surfing or realizing what the password is just by looking at the config- however, it can easily be reversed using a number of methods including online sites. Type 5 refers to a hashed password, which is irreversible.

Carpe Porcus

Level 7 uses a cypher which scrambles the password so the text displayed is different from that you typed, illustrated when you issue the show running-config command:

password 7 03075218050061

This is a first line defense against someone who has physical access and is easily broken if you care to Google the correct phrase you'll get sites that will reveal the password.

However, level 5 is slightly different:

enable secret 5 $1$mERr$hx5rVt7rPNoS4wqbXKX7m0

Is uses MD5 encryption and to my knowledge this hasn't yet been cracked.

The easiest way to remember is that MD5 displays 5 before the password and should always be used instead of level 7.