05-26-2012 05:45 AM - edited 03-04-2019 04:28 PM
Hi there,
This has been bugging me for a while and I cannot find much if any documentation about it. But how do you go about using enable secret 4 (sha256) instead of enable secret 5. Is this feature only available in a particular IOS train or is it a feature you have to activate?
Rob
Solved! Go to Solution.
05-29-2012 01:47 AM
Hi Rob,
It seems you need 15.2(03)T1, version 15.2(03)T does not have this supported. T1 will be released at 06/29.
Kind Regards,
Ivan
**Please grade this post if you find it useful.
05-26-2012 10:47 PM
Hi Rob,
Ecnryption types 0, 4 and 5 were added to this command starting with 15.0(1)S release. See this comman reference:
http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_e1.html#wp1042287
Level 4 encryption is SHA256, which is superior to md5 (level 5 encryption). This was made the default in 15.0(1)S and md5 password encryption will be deprecated eventually.
The latest 15.1 releases already generate a warning in case of using md5, such as:
Warning: MD5 encryption will be deprecated soon. Please move to SHA256 encryption.
Kind Regards,
Ivan
**Please grade this post if you find it useful.
05-27-2012 12:49 AM
Hi Ivan,
Thanks for the reply. The reason I was confused was we upgraded a 2951 to a later version of IOS (15.2) and the feature doesnt appear to be there. When entering enable secret there is no option for encryption type 4. I can check for definite tomorrow what release of code it is. Is it possible this version has the feature missing?
Thanks
Rob
05-27-2012 05:19 AM
Hi Rob,
It works on 2900 platform starting with versions 15.2(2)T1 and 15.2(03)T1 - "enable secret 4 ...".
What is your exact image version?
Kind Regards,
Ivan
**Please grade this post if you find it useful.
05-29-2012 12:32 AM
Hi Ivan,
We were running c2951-universalk9-mz.SPA.152-2.T1.bin which had the feature enable but when we upgraded to
c2951-universalk9-mz.SPA.152-3.T.bin the feature wasnt there. Its seems like it may have been missed off the later release?
So in summary
working
c2951-universalk9-mz.SPA.152-2.T1.bin
Not available
c2951-universalk9-mz.SPA.152-3.T.bin
Weird?
Thanks
Rob
05-29-2012 01:47 AM
Hi Rob,
It seems you need 15.2(03)T1, version 15.2(03)T does not have this supported. T1 will be released at 06/29.
Kind Regards,
Ivan
**Please grade this post if you find it useful.
05-30-2012 01:10 AM
Thanks Ivan.
05-30-2012 01:35 AM
Glad to help, Rob.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide