CCNP Enterprise Core (350-401) Cisco Security

Cisco Password Types

There are five available types of password security in Cisco IOS.

Type 0

Type 0 passwords are the most insecure, as they are not encrypted and are visible in plaintext in the device configuration.

Type 4

Type 4 is a password encryption type that was discontinued from IOS 15.3 due to a flaw in its implementation. It should not be used.

Type 5

Type 5 passwords use a Cisco proprietary encryption algorithm that makes use of the MD5 hashing algorithm.

They are considered to be irreversible.

The only way to crack type 5 passwords is by performing brute force attacks.

Type 7

Type 7 passwords use a Cisco proprietary Vigenère cipher encryption algorithm that is known to be weak.

There are multiple online utilities that can decipher type 7 passwords in less than a second.

Type 7 passwords are enabled with the command service password-encryption, which applies to passwords that would normally be stored as Type 0.

Type 8

Type 8 passwords use Password-Based Key Derivation Function 2 (PBKDF2) with a SHA-256 hashed secret and are considered to be uncrackable.

Type 9

Type 9 passwords use the SCRYPT hashing algorithm and are considered to be uncrackable.
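
To apply the type list above when reviewing a device, the following added example (not part of the original notes) scans a saved IOS configuration and grades each stored credential by its type digit without echoing the stored value. The sample configuration, its placeholder credential values, and the fail/warn/ok grading are assumptions made for this example.

```python
import re

# Verdicts follow the page: 0, 4 and 7 fail; 5 is a warning because brute
# force is the only attack it describes; 8 and 9 are the types to migrate to.
VERDICT = {"0": "fail", "4": "fail", "7": "fail", "5": "warn", "8": "ok", "9": "ok"}

CRED = re.compile(
    r"^\s*(?:(?P<enable>enable)\s+|username\s+(?P<user>\S+)\s+(?:privilege\s+\d+\s+)?)?"
    r"(?P<kw>password|secret)\s+(?:level\s+\d+\s+)?(?:(?P<type>\d)\s+)?(?P<value>\S.*)$"
)

def audit(config):
    """Return (findings, service_password_encryption_enabled) for an IOS config."""
    findings, svc_enabled, context = [], False, "global"
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.rstrip()
        if line.strip() == "service password-encryption":
            svc_enabled = True
        m = CRED.match(line)
        if not m:
            if line and not line[0].isspace():
                context = line  # current top-level block, e.g. "line vty 0 4"
            continue
        ptype = m.group("type") or "0"  # no type digit means stored as plaintext
        owner = m.group("user") or ("enable" if m.group("enable") else context)
        # The stored value is deliberately left out of the report.
        findings.append({"line": num, "owner": owner, "keyword": m.group("kw"),
                         "type": ptype, "verdict": VERDICT.get(ptype, "unknown")})
    return findings, svc_enabled

# Constructed sample configuration; every credential value is a placeholder.
SAMPLE = """\
no service password-encryption
enable secret 9 $9$constructedSalt$constructedHashValue
enable password cisco123
username admin privilege 15 secret 5 $1$salt$constructedHashValue
username ops password 7 0000000000
username old secret 4 constructedType4Value
username new secret 8 $8$constructedSalt$constructedHashValue
line vty 0 4
 password 7 0000000000
 login
"""

if __name__ == "__main__":
    findings, svc = audit(SAMPLE)
    print("service password-encryption:", "on" if svc else "off")
    for f in findings:
        print(f"line {f['line']:>2}  {f['verdict']:<5} type {f['type']}  {f['owner']} {f['keyword']}")
```

Type digits that the notes do not cover are reported as "unknown" rather than guessed at.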
