Re: Cisco 93180YC-EX - password type 9

Barry Landon · ‎10-21-2020

Im running a Cisco 93180YC-EX nexus with nxos.9.2.3.bin. I can see password types for 0 and 5 but cannot see availiable type 9 or 8 for that matter. Although only interested in 9. Do i need to enable the function? Is it not supported? Do i need to upgrade the IOS?

We have C9300 runing 16.6.6 which permit type 9 without issue.

balaji.bandi · ‎10-21-2020

nexus support only 0-5 as per i know.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Christopher Hart · ‎10-24-2020

Hi Barry,

Unfortunately, Nexus platforms do not yet support Type 9 (scrypt) passwords. There are a handful of enhancement requests open to add this functionality, but based on my internal research, the enhancement has not been roadmapped to a specific future NX-OS software release. If possible, I would contact your account team (account manager, sales engineer, etc.) for more details about the roadmap for this feature.

For what it is worth, Type 5 passwords on Cisco NX-OS are not the traditional salt and MD5 hash that is found with Cisco IOS. Type 5 passwords in NX-OS utilize SHA256 hashing in addition to a multi-iteration 64-bit salt. This is documented in the "Configuring User Accounts and RBAC" chapter of the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:

"Beginning with Cisco NX-OS Release 7.0(3)I2(1), the SHA256 hashing method, which is stronger than MD5 hashing, is used to encrypt user passwords. As a part of the encryption, a 5000 iteration of 64-bit SALT is added to the password."

I hope this helps - thank you!

-Christopher