
enable password and enable secret

vishalpatil86
Level 1

Hi

What's the difference between enable password and enable secret?

Does secret encrypt the password we have given?


Leo Laohoo
Hall of Fame
Does secret encrypt the password we have given?

Passwords will be encrypted if you use the command "service password-encryption".

What's the difference between enable password and enable secret?

Password will take precedence over secret.

Old post I know, but just wanted to make sure this was corrected in case anyone else stumbles on this answer as I have. It's the other way around. Secret overrides password.

Interesting, but apparently it's good practice to use secret because of higher encryption. Thanks

I kept wondering why use both. 

According to Cisco documentation, it is the opposite.

If you configure the enable secret command, it takes precedence over the enable password command; the two commands cannot be in effect simultaneously.

If you enable password encryption, it applies to all passwords including username passwords, authentication key passwords, the privileged command password, and console and virtual terminal line passwords.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/16-10/configuration_guide/sec/b_1610_sec_9200_cg/controlling_switch_access_with_passwords_and_privilege_levels.pdf

 

ninoroygaleos
Level 1

Hi vishal patil,

The difference is that,

# enable password - it enables a password that is based on clear text, unlike,

# enable secret - it enables a password and password encryption that is based on the MD5 hashing algorithm. This is the most recommended command to supply when enabling a password on any Cisco network device.

-onin.

IT_Joe
Level 1

Cisco had enable password to store passwords for the use of privileged EXEC commands by console or remote (vty) users. These passwords were stored as clear-text in the configuration, and could be read by anyone calling show running-config.

Cisco then implemented service password-encryption to store these passwords as a different combination of characters using an algorithm. These are the passwords of type "7". This was still insecure: Googling "cisco password decryption" will yield websites that will decrypt type 7 passwords.

Finally, Cisco came up with enable secret which hashes the passwords with an MD5 algorithm. The only way to find the original passwords would be through the use of a rainbow table, and even that is unlikely as more than two character strings may return the same MD5 hash.
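
The following is an added example, not part of any reply in this thread: a small Python audit of `show running-config` text that flags credentials stored as clear text or type 7 and reports which enable command is in effect, following the precedence rule in the Cisco documentation quoted above. The function name `audit`, the sample config and every credential value in it are constructed for illustration.

```python
import re

# Weak storage forms named in the thread: clear text (0) and type 7.
STORAGE = {"0": "clear text", "7": "type 7 (reversible)"}

# Matches enable, username and line credentials in `show running-config` text.
CRED = re.compile(
    r"^\s*(?P<ctx>enable |username \S+ (?:privilege \d+ )?)?"
    r"(?P<kind>password|secret) (?:level \d+ )?"
    r"(?:(?P<type>\d) )?(?P<value>.+)$"
)

# Constructed sample config; every credential value is a placeholder.
SAMPLE = """\
enable secret 5 $1$SALT$PLACEHOLDERHASH
enable password 7 0000000000
username admin password 0 constructed-cleartext
line vty 0 4
 password 7 0000000000
 login
"""


def audit(config):
    """Return (findings, effective): weakly stored credentials by line number,
    and which enable command the device will actually use."""
    findings, enable = [], {}
    for no, line in enumerate(config.splitlines(), 1):
        m = CRED.match(line)
        if not m:
            continue
        ctx = (m["ctx"] or "line").strip()
        if ctx == "enable":
            enable[m["kind"]] = no
        # A password shown without a type digit is stored as clear text.
        ctype = m["type"] or ("0" if m["kind"] == "password" else None)
        if ctype in STORAGE:
            findings.append((no, f"{ctx} {m['kind']} stored as {STORAGE[ctype]}"))
    # enable secret takes precedence, so a leftover enable password is unused
    # but still leaves a weakly stored string in the config.
    if "secret" in enable and "password" in enable:
        findings.append((enable["password"], "enable password is overridden by enable secret"))
    effective = next((k for k in ("secret", "password") if k in enable), None)
    return sorted(findings), effective


if __name__ == "__main__":
    for no, msg in audit(SAMPLE)[0]:
        print(f"line {no}: {msg}")
```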
