10-21-2020 02:12 AM
Im running a Cisco 93180YC-EX nexus with nxos.9.2.3.bin. I can see password types for 0 and 5 but cannot see availiable type 9 or 8 for that matter. Although only interested in 9. Do i need to enable the function? Is it not supported? Do i need to upgrade the IOS?
We have C9300 runing 16.6.6 which permit type 9 without issue.
10-21-2020 11:51 AM
nexus support only 0-5 as per i know.
10-24-2020 06:31 AM
Hi Barry,
Unfortunately, Nexus platforms do not yet support Type 9 (scrypt) passwords. There are a handful of enhancement requests open to add this functionality, but based on my internal research, the enhancement has not been roadmapped to a specific future NX-OS software release. If possible, I would contact your account team (account manager, sales engineer, etc.) for more details about the roadmap for this feature.
For what it is worth, Type 5 passwords on Cisco NX-OS are not the traditional salt and MD5 hash that is found with Cisco IOS. Type 5 passwords in NX-OS utilize SHA256 hashing in addition to a multi-iteration 64-bit salt. This is documented in the "Configuring User Accounts and RBAC" chapter of the Cisco Nexus 9000 Series NX-OS Security Configuration Guide:
"Beginning with Cisco NX-OS Release 7.0(3)I2(1), the SHA256 hashing method, which is stronger than MD5 hashing, is used to encrypt user passwords. As a part of the encryption, a 5000 iteration of 64-bit SALT is added to the password."
I hope this helps - thank you!
-Christopher
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide