The enable password command should no longer be used. Use enable secret instead.
username joeblow password mypass command should no longer be used. Use username joeblow secret mypass instead.
Type 4 Passwords should never be used!
Type 9 encryption is more resource intensive than Type 8, and both are more intensive than Type 5 (but all operate on an 8xx router fine)
Use Type 9 if you are able to. If the IOS you have does not support Type 9 then use Type 7.
Cisco Password Type’s
Cisco created Type 4 around 2013 in an attempt to strengthen password, unfortunately the attempt was severely flawed and resulted in a hash that was weaker than a Type 5 MD5. See the PSIRT below. Cisco IOS and Cisco IOS XE Type 4 Passwords Issue
These use a very simple MD5 hashing algorithm. These are easily reversible with tools on the internet. These should only be used if Type 9 is not available on the IOS version you are running.
These use the Vigenere cipher, a very simple algorithm that was cracked in 1995. These are easily reversible with tools on the internet. These should never be used.
Type 8 passwords are what Type 4 was meant to be, PBKDF2, SHA-256, 80 bit salt, 20,000 iterations. While this is good, it is still vulnerable to brute forcing since AES is easy to implement in graphics cards. I have not proven it but I believe it is possible that the popular tool HashCat is able to decrypt these.
These use the SCRYPT hashing algorithm SCRYPT, 80 bit salt, 16384 iterations. It’s expensive to run the algorithm and therefore currently the Best Practice Type password to use. I have not proven it but I believe it is possible that the popular tool HashCat is able to decrypt these.
Please rate or comment to help make this document better!
Hi,A customer purchased Cisco C9200L switches with both C9200L Network Essential & C9200L Cisco DNA Essentials. Both lic. are showing EVAL Mode when he checked them against "show lic summary", and they are already under produ...
Hi, I'm trying to connect two 93180 switches. However, when I connect the sfp into the switch the amber light on the interface goes out. When I connect the fibers to the sfp, the switches will not establish a link. I defaulted the i...
I am building a new environment using a 6509-E with 2 SUP S2T45's. One SUP has VS-F6K-MSFC5 HW version 3.0 and VS-F6K-PFC4 HW version 3.0. The other SUP has version 2.1 on the corresponding modules. Could there be an issue down the road ...
I'm trying to see where do my packets go in a conexion between Host5 and PC1, so I do 'tracert 220.127.116.11' in Host5.The path should be R10 --> R9 --> R12 --> R11, since I changed the cost of the link between R9 and R11, so R9 goes through R12 ...