02-29-2012 07:06 PM - edited 02-21-2020 04:34 AM
hi
whats the difference between enable password and enable secret?
does secret encrypt the password we have given?
02-29-2012 07:26 PM
does secret encrypt the password we have given?
Passwords will be encrypted if you use the command "service password-encryption".
whats the difference between enable password and enable secret?
Password will take prescedence over secret.
03-24-2020 04:08 PM
Old post I know, but just wanted to make sure this was corrected in case anyone else stumbles on this answer as I have. It's the other way around. Secret overrides password.
03-19-2023 04:02 PM
Interesting, but apparently its good practice to use secret bc of higher encryption. Thanks
I kept wondering why use both.
03-20-2024 10:57 AM
According Cisco documentation is the opposite.
If you configure the enable secret command, it takes precedence over the enable password command; the
two commands cannot be in effect simultaneously.
If you enable password encryption, it applies to all passwords including username passwords, authentication
key passwords, the privileged command password, and console and virtual terminal line passwords
03-05-2012 12:24 AM
Hi vishal patil,
The difference is that,
# enable password - it will enables a password that based on a clear text, unlike,
# enable secret - it will enables a password and password encryption that based on the md5 hashing algorithm. This is is a most recommended command to supply while enabling a password to any cisco network devices.
-onin.
10-27-2023 12:26 PM - edited 10-27-2023 12:26 PM
Cisco had enable password to store passwords for the use of privileged EXEC commands by console or remote (vty) users. These passwords were stored as clear-text in the configuration, and could be read by anyone calling show running-config.
Cisco then implemented service password-encryption to store these passwords as a different combination of characters using an algorithm. These are the passwords of type "7". This was still insecure: Googling "cisco password decryption" will yield websites that will decrypt type 7 passwords.
Finally, Cisco came up with enable secret which hashes the passwords with an MD5 algorithm. The only way to find the original passwords would be through the use of a rainbow table, and even that is unlikely as more than two character strings may return the same MD5 hash.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide