The enhanced password security feature introduced in Cisco IOS 12.0(18)S allows an admin to configure MD5 encryption for passwords. Prior to this feature, Type 7 passwords used weak encryption that can be cracked easily, and the clear text password (Type 0) is, as anyone would know, completely insecure. Anyone who can gain access to privileged mode can view or decrypt these passwords.
To configure enhanced password security, create a user with MD5 password encryption as follows from global configuration mode:
MD5 encryption on a clear text password:
You can enter a clear text password, which will be encrypted using the MD5 algorithm:
ciscorouter(config)# username ciscoadmin secret ciscopass
where ciscoadmin is the user and "ciscopass" is the clear text password, which will then be converted into MD5 encrypted text.
This is equivalent to
ciscorouter(config)# username ciscoadmin secret 0 ciscopass
where "0" [default] indicates MD5 encryption on a clear text password.
MD5 encrypted text as password:
To enter an MD5 encrypted password instead of a clear text password:
ciscorouter(config)# username ciscoadmin secret 5 $1$feb0$a104Qd9UZ./Ak00KTggPD0
where "5" indicates that the entered password is MD5 encrypted text.
To verify the logins with MD5 encryption:
Clear text password:
ciscorouter# show running-config
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ciscorouter
!
logging rate-limit console 10 except errors
no logging console
enable secret 0 $1$53Ew$Dp8.E4JGpg7rKxQa49BF9/
!
username ciscoadmin secret 5 $1$fBYK$rH5/OChyx/!
…
…
MD5 encrypted text entered as password:
ciscorouter# show running-config
!
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ciscorouter
!
logging rate-limit console 10 except errors
no logging console
enable secret 5 $1$feb0$a104Qd9UZ./Ak00KTggPD0
!
username ciscoadmin secret 5!
ip subnet-zero
Here the MD5 encrypted password that was entered is not itself displayed against the username.
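To check a saved configuration for the password types discussed above, the following Python audit is an added example, not part of the original post and not Cisco code. It classifies each credential line as cleartext, Type 7, or a well-formed Type 5 ($1$ MD5) secret; the sample config is constructed, and the user names other than ciscoadmin and the Type 7 placeholder value are assumptions.

```python
import re

# Shape of an IOS type 5 secret (md5crypt): $1$<salt, up to 8 chars>$<22-char digest>
MD5CRYPT = re.compile(r"^\$1\$[./0-9A-Za-z]{1,8}\$[./0-9A-Za-z]{22}$")
# "enable ...", "username NAME ..." or a bare line-level "password ..." credential
CRED = re.compile(
    r"^\s*(?:(?P<enable>enable)\s+|username\s+(?P<user>\S+)\s+(?:.*?\s)?)?"
    r"(?P<kind>secret|password)(?:\s+(?P<type>\d+))?\s+(?P<value>\S+)\s*$"
)

def audit(config_text):
    """Return (findings, service_password_encryption_enabled) for an IOS config."""
    findings, svc_encryption = [], False
    for n, line in enumerate(config_text.splitlines(), 1):
        if line.strip() == "service password-encryption":
            svc_encryption = True
        m = CRED.match(line)
        if not m:
            continue
        who = "enable" if m["enable"] else (m["user"] or "line")
        kind, typ, value = m["kind"], m["type"], m["value"]
        if kind == "secret" and typ == "5":
            # A truncated or mistyped hash is stored as-is and locks the account out
            verdict = "ok-md5" if MD5CRYPT.match(value) else "malformed-md5"
        elif typ == "7":
            verdict = "weak-type7"      # reversible encoding
        elif typ in (None, "0"):
            verdict = "cleartext"       # value is readable in this file
        else:
            verdict = "other-type"      # types not covered by the article
        findings.append((n, who, kind, verdict))
    return findings, svc_encryption

# Constructed sample config (not from a real device)
SAMPLE = """\
no service password-encryption
enable secret 5 $1$feb0$a104Qd9UZ./Ak00KTggPD0
username ciscoadmin secret 5 $1$feb0$a104Qd9UZ./Ak00KTggPD0
username operator password 7 TYPE7PLACEHOLDER
username backup password 0 ciscopass
username broken secret 5 $1$feb0$tooShort
line vty 0 4
 password ciscopass
"""

if __name__ == "__main__":
    results, svc = audit(SAMPLE)
    print("service password-encryption:", svc)
    for lineno, who, kind, verdict in results:
        print(f"line {lineno}: {who} {kind} -> {verdict}")
```

Anything reported as cleartext or weak-type7 is a candidate for re-entry with the secret keyword, as shown in the commands above.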