not a long time ago, Cisco introduced the secret 4 (for enable secret and username), now this secret 4 no longer seems to be an option (within the 3650 switch with the IOS-XE 03.03.01SE. There are the hashes 8 (PBKDF2) and 9 (SCRYPT) instead. For me this is new, is there a documentation which describes the function of these two options 8 and 9? Why is the option 4 no longer availalbe, is there any security concerns? Should be AES-256 as as far as I know, this option is really secure.
There are two different things at work here. First is the encryption of a password. For example, when you create your enable password, it is encrypted. The second part is the device encrypting the password in the config so they can't be reversed and recovered. That's done with service password-encryption aes. I thought level 4 was AES-SHA256, but I'm not 100% sure. I'd bet it's different on each platform as well.
while secret 4 was an attempt to implement something more secure than is classic MD5 hashes (secret 5), the implementation itself was severly flawed in multiple respects. It failed to actually implement most of the aspects that would have made that SHA256-based hash secure, first of all it lacked salting. This was even obvious from the configuration - identical passwords lead to identical encoded hash strings. It still took months and some external researchers to notify Cisco that something is wrong, and it ended with a PSIRT advisory roughly a year ago. And then, for the following several months, latest IOS versions still bugged you to use secret 4 even when you insisted on old-but-at-least-salted MD5 secrets. I've even used an external generator to avoid this pitfall until fixed implementations finally made it to customers (which is what happened over the last weeks). Now secret 5 is again the default (when you just enter "enable secret bla", it will generate an MD5 hash again) and the new solutions are pushed a lot less aggressively than was the disaster of secret 4. Give them a year for some external cryptologists to seriously probe them before ever touching them.
BTW, secret 4 had to go as it was unfixable - they could have implemented the method correctly, but it would have invalidated all the hashes existing in configurations out there. It's still getting an interesting transition period now, away again from busted secret 4...
Sorry for the rant, but this has been a "pet peeve" of mine, I had to discuss this with a lot of customers over the last 9 months or so...
This is an old thread but in case anyone else bumps into it let me give a little more info on the type-8 and type-9 passwords:
Type-8 passwords are what type-4 were meant to be: PBKDF2 (Password-Based Key Derivation Function 2) with 20000 iterations of SHA-256. While good, this is still vulnerable to brute-forcing since SHA-256 is easy to implement VERY fast in ASICS or graphics cards. That is not to say its easy, and in fact if you choose good passwords it is close to impossible, but it is doable
Type 9: Type 9 passwords use the scrypt algorithm from the crypto-currency guys. Its whole goal is to ensure that it is expensive to run the algorithm. It does this first by being hard to run in parallel and by requiring a tradeoff: Either use lots of memory and be fast or a little memory and be slow. The trick there is that ASICS and graphics cards don't have enough memory (memory BW) to run fast so in practice it is VERY SLOW to run this algorithm. The other interesting thing is that inside the algorithm is....Lots of PBKDF2 so in Scrypt you combine the best of both.
Bottom line: Either one of these is WAY more secure then type 5's and almost infinity more secure then the horrible broken type 4's.