service password-encryption

haithamnofal · ‎07-06-2006

Hi There,

If I want to configure "service password-encryption" on my internet and WAN routers, would there be any perofrmance degradation or over cpu consumption?

Appreciate your feedback.

Regards,

Haitham

Richard Burts · ‎07-06-2006

Haitham

There is no CPU consumption or other performance degradation if you configure service password-encryption.

HTH

Rick

HTH

Rick

devang_etcom · ‎07-06-2006

no it will not affect your cpu usage

regards

Devang

glen.grant · ‎07-06-2006

No as others have said all it does is encrypt the vty and console passwords in the config which is basically a text file , makes no difference...

Kevin Dorrell · ‎07-06-2006

To add to what the others have said, the result from service password-encryption is that the vty and user password are encrypted in listing with a type '7' encryption, which is child's-play to crack.

If you are concerned about protecting the passwords, set up a set of local user names to do your management and give them a "secret" rather than a passord, then do a login local on your vty lines. That will give them a type '5' encryption, like the enable secret, which is much more secure.

You can see the encryption type in the config listing.

Incidentally, if you introduce service password-encrytion, then it will encrypt your passwords in the config listing. If you then do no service password-encryption, it will not reverse the encryption on passwords that are already encrypted, but the passwords will still work nevertheless.

Try it out on a lab router before you do it on a production network!

Kevin Dorrell

Luxembourg