09-03-2015 02:55 AM - edited 03-10-2019 12:29 AM
Hi,
I'm currently reviewing my company's switch archiving setup and one thing I noticed was the lack of the "hidekeys" command within the archive configuration. I wonder if this is really required when the password-encryption service is enabled as surely all passwords would be encrypted anyway?
Thanks!
09-03-2015 09:07 AM
"service password-encryption" is a very weak security measure as it's reversible. The algorithm is documented and anyone sniffing the transfer can restore the passwords. With that, these passwords have to be considered plaintext. Now you have to decide if that's a problem for your environment.
Best practice is to move to hashed passwords where possible. For user accounts just move to the "secret" form of configuration. But for all kinds of routing-protocol passwords that is not possible.
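An added example, not part of the original thread: a small audit that lists the credentials in a saved config that are still plaintext or reversible type 7, and reports whether `hidekeys` is set under `archive` / `log config`. The sample config and its placeholder values are constructed, and the one-space-per-level indentation of `show running-config` output is assumed.

```python
import re

# Constructed sample running-config; hashes and keys are placeholders.
SAMPLE_CONFIG = """\
service password-encryption
enable secret 9 $9$PLACEHOLDER
username admin secret 5 $1$PLACEHOLDER
username backup password 7 0000000000
username legacy password 0 changeme
archive
 log config
  logging enable
 path tftp://192.0.2.10/$h
interface Vlan10
 ip ospf message-digest-key 1 md5 7 0000000000
"""

# Heuristic: credential keyword, optional type digit, then the value.
CRED = re.compile(r"\b(secret|password|md5|key-string)\s+(?:(\d)\s+)?\S+")
HASHED = {"5", "8", "9"}          # one-way hashes (the "secret" forms)

def classify(ctype):
    """Return a finding label, or None when the credential is hashed."""
    if ctype in HASHED:
        return None
    return {"7": "reversible type 7", "0": "plaintext", None: "plaintext"}.get(
        ctype, "unclassified type %s" % ctype)

def audit(config):
    """Return (findings, hidekeys_enabled) for an IOS-style config text."""
    findings, section, hidekeys = [], [], False
    for number, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        depth = len(raw) - len(raw.lstrip(" "))   # assumed: one space per level
        section = section[:depth] + [line]        # path of nested sub-modes
        if section == ["archive", "log config", "hidekeys"]:
            hidekeys = True
        match = CRED.search(line)
        verdict = classify(match.group(2)) if match else None
        if verdict:
            findings.append((number, verdict, match.group(1)))
    return findings, hidekeys

if __name__ == "__main__":
    results, hidekeys_on = audit(SAMPLE_CONFIG)
    for number, verdict, keyword in results:
        print(f"line {number}: {verdict} credential ({keyword})")
    print("archive log config hidekeys:", "present" if hidekeys_on else "MISSING")
```

Every line it reports is a value that would travel to the archive server in recoverable form, which is the set the reply above says to treat as plaintext.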