Nexus 7000 type-9 password

Hi!

Can we enable type-8 or type-9 passwords on Cisco Nexus 7000 switches?

I can see the max type supported on my Nexus is type-5.

I want to create a local database of usernames and passwords on the switches.

 

Sw 8.3(2)

Accepted Solutions

Copy this answer from TAC:

When customers coming from IOS/IOS-XE look for Type 8 or Type 9 encryption for secrets, they usually want either SHA256 encryption or scrypt encryption. However, at first glance, NX-OS only offers Type 5 encryption (which in an IOS/IOS-XE world means MD5 hashing, which is obviously not secure).

 

In reality, NX-OS's "Type 5" encryption encrypts clear-text passwords using SHA256 along with a 5000-iteration of a 64-bit salt. This means that NX-OS's Type 5 encryption is equivalent to IOS/IOS-XE's Type 8 encryption. This is documented under the "Configuring User Accounts" heading of the "Managing User Accounts" chapter of the Cisco Nexus 7000 Series NX-OS Security Configuration Guide, quoted below:

 

"You can enter the password in clear text format or encrypted format. The Cisco NX-OS password encrypts clear text passwords before saving them to the running configuration. Encrypted format passwords are saved to the running configuration without further encryption. SHA256 is the hashing algorithm used for password encryption. As a part of the encryption, a 5000 iteration of 64-bit SALT is added to the password."

 

Christopher Hart

Technical Consulting Engineer

Cisco TAC, Data Center Routing and Switching
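One way to check which algorithm is actually behind each `password 5` entry in a saved configuration, as an added example that is not part of the original thread or any Cisco tooling. It assumes the stored string uses the standard crypt(3) modular format (`$1$` for MD5-crypt, `$5$` for SHA-256-crypt with a default of 5000 rounds) and that the `username <name> password 5 <hash>` line layout matches your configuration; the sample config and its salts and digests are constructed placeholders.

```python
import re

# Standard crypt(3) modular-format ids: the field between the first two '$'.
# Second element: whether the scheme is acceptable for this audit (assumption).
CRYPT_SCHEMES = {
    "1": ("md5-crypt", False),
    "5": ("sha256-crypt", True),
    "6": ("sha512-crypt", True),
}
DEFAULT_SHA_ROUNDS = 5000  # sha-crypt default when no rounds= field is present

# Assumed line layout: username <name> password <type> <hash> [role ...]
USER_RE = re.compile(r"^\s*username\s+(\S+)\s+password\s+(\d+)\s+(\S+)", re.M)

def classify_hash(stored):
    """Return (scheme, rounds, acceptable) for a stored hash string."""
    parts = stored.split("$")
    if len(parts) < 4 or parts[0] != "" or parts[1] not in CRYPT_SCHEMES:
        return ("unrecognised", None, False)
    scheme, acceptable = CRYPT_SCHEMES[parts[1]]
    rounds = None  # md5-crypt has a fixed iteration count, not reported here
    if scheme != "md5-crypt":
        m = re.fullmatch(r"rounds=(\d+)", parts[2])
        rounds = int(m.group(1)) if m else DEFAULT_SHA_ROUNDS
    return (scheme, rounds, acceptable)

def audit_config(text):
    """List (user, config_type, scheme, rounds, acceptable) per username line."""
    return [(user, ctype) + classify_hash(stored)
            for user, ctype, stored in USER_RE.findall(text)]

# Constructed sample: salts and digests are placeholders, not real hashes.
SAMPLE_CONFIG = """\
username admin password 5 $5$SALTSALT$PLACEHOLDERDIGESTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  role network-admin
username legacy password 5 $1$SALTSALT$PLACEHOLDERDIGESTBBBBB  role network-operator
username broken password 5 not-a-crypt-string  role network-operator
"""

if __name__ == "__main__":
    for row in audit_config(SAMPLE_CONFIG):
        print("%-8s type=%s scheme=%-13s rounds=%s ok=%s" % row)
```

Any account reported as `md5-crypt` still carries a hash created under the older scheme and needs its password re-entered in clear text on the switch so it is re-hashed.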

3 Replies

Hi Christopher,

Is there any documentation to show that type 5 on NX-OS is using SHA256?

> It is making a mess, and also on the link you shared I can see only MD5.

Thank you in advance.

nayzaw.win
Level 1

Hi Christopher,
Can I check if Nexus 7710 username creation supports type 9 secret passwords?
Currently, all our usernames use type-5 passwords.
Current software version: 7.3(3)D1(1)