Regarding password

I came across this question.

Which of the following is true regarding passwords on a Cisco Router and/or Switch?

a. You can decrypt passwords using the “no service encryption” command.

b. The password “cisco” is all you’ll ever need.

c. Type 5 Passwords are uncrackable.

d. Type 7 passwords are uncrackable.

I think none of them is correct.

A. "no service encryption' is not a correct command. It can't be entered.
B is obviously wrong.
C and D are wrong because nothing can't be uncrackable with enough time.

What do you think?

Find more posts tagged with

Save $250 on 2025 certification boot camps from Infosec!

Book now with code EOY2025

Button

Comments

steveyeung

i also think none is correct.
what's the answer?

DCD

workfrom925 wrote: »

A. "no service encryption' is not a correct command. It can't be entered.

What do you think?

You are incorrect. This is not the answer but the command is useable. It's over have the page down.

Cisco IOS Security Command Reference, Release 12.2 - Passwords and Privileges Commands [Cisco IOS Software Releases 12.2 Mainline] - Cisco Systems

Samo3411

C is the correct answer , type 5 password is MD5 hash

workfrom925

DCD wrote: »

You are incorrect. This is not the answer but the command is useable. It's over have the page down.

Cisco IOS Security Command*Reference, Release*12.2 - Passwords and Privileges Commands* [Cisco IOS Software Releases 12.2 Mainline] - Cisco Systems

Even with correct command syntax, which is "no service password-encryption", it only keep new passwords unencrypted after the command is entered. The old encrypted password stays encrypted. That's my understanding.

workfrom925

Samo3411 wrote: »

C is the correct answer , type 5 password is MD5 hash

You mean, if this question actually appears on my test, C should be the best answer?

workfrom925

BTW, what's the difference between the passwords created with these two commands: "user USER secret PASS" and "enable secret PASS"?

My understanding is, the password created with "enable secret PASS" is used only when we trying to get into Exec mode (Is it called Exec mode?) While the user/password created with "user USER secret PASS" is used for telnet and PVN access to the router. Am I correct?

Zartanasaurus

workfrom925 wrote: »

You mean, if this question actually appears on my test, C should be the best answer?

You're kind of overthinking this. While it's true that given enough time and processing power, an MD5 hash could be cracked, it is designed to be a 1-way encryption, as opposed to Type 7 which is not IE it's reversible. Plus, you have to pick ONE answer, and that one is the most correct.

The enable password is for getting into privileged exec mode, not exec mode.

You can use the username/password for other stuff, including direct access to privileged exec mode, but you're thinking along the right lines.

NetworkVeteran

I will add, to the good counsel of Zatanasaurus, that Cisco wouldn't ask this question because "uncrackable" is semi-silly. Still, answer C is obviously the best answer, and the one that should be picked during a test.