JohnRosso3555
Beginner

Password Types

Hi

I saw a good article about the different password types that Cisco offers. I am currently using Type 9. Would this be the most secure?

Thank you!

Reza Sharifi
Hall of Fame Expert

Hi

Yes, I am using Gibraltar 16.12.x IOS-XE and type 9 is supported using a manual logon for both EXEC & PRIV.

Do you think using Microsoft NPS radius for AD logon would actually weaken the security posture of the switch?

Not sure if Microsoft supports type 9.

Hi,

Not sure about NPS, but if you are looking for an authentication server, Aruba ClearPass is a great product: easy to set up, easy to use, and intuitive. It is a complete NAC solution without the complexity of ISE and ACS.

https://cdw-prod.adobecqms.net/content/dam/cdw/on-domain-cdw/brands/aruba/ds-clearpass-policymanager.pdf?cm_ven=acquirgy&cm_cat=google&cm_pla=S3+HPE+Aruba&cm_ite=ClearPass+B&ef_id=CjwKCAjwo4mIBhBsEiwAKgzXONWTOswGvJv4VPHLgXZCNp3d4bFEA80uTQ5ba1SyJrwdjE...

 

https://www.arubanetworks.com/techdocs/ClearPass/CP_ReleaseNotes_6.8.0/Content/WhatsNew/NewFeatures_PolicyMgr.htm

 

HTH

inderdeeps
Enthusiast

@JohnRosso3555 : Password Type 9: These use the SCRYPT hashing algorithm defined in the informational RFC 7914. SCRYPT uses an 80-bit salt and 16384 iterations. It’s very memory expensive to run the algorithm and therefore difficult to crack. Running it once occasionally on a Cisco device is fine though; this is currently the Best Practice Type password to use. I have not proven it but I believe it is possible that the popular tool HashCat is able to decrypt these.

Go ahead !

paul driver
VIP Mentor

Hello

Yes, algorithm-type scrypt (type 9) is the most secure.

example:
username Fred privilege 15 algorithm-type scrypt secret xxxx



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
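
An added example, not part of any reply in this thread: a small Python audit that scans a saved IOS/IOS-XE configuration and flags every stored credential that is not type 9 (scrypt), the type the replies above recommend. The sample configuration and its credential values are constructed placeholders, and the descriptions of the other type digits are general Cisco knowledge rather than statements from this thread.

```python
import re

# Type digits as IOS/IOS-XE shows them in a saved configuration.
TYPES = {"0": "cleartext", "4": "SHA-256 (deprecated)", "5": "MD5-crypt",
         "6": "AES, reversible", "7": "Vigenere obfuscation, reversible",
         "8": "PBKDF2-SHA256", "9": "scrypt"}

# Matches "enable secret 9 <hash>", "username bob ... password 7 <blob>",
# and indented " password 7 <blob>" under a line section.
CRED = re.compile(
    r"^\s*(?:(enable)|username\s+(\S+))?.*?\b(?:secret|password)\s+(?:(\d)\s+)?\S+")

# Constructed sample; the credential values are placeholders, not real hashes.
SAMPLE = """\
service password-encryption
enable secret 9 $9$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE
username admin privilege 15 secret 5 $1$SALT$CONSTRUCTEDHASH
username ops password 7 CONSTRUCTEDBLOB
username Fred privilege 15 secret 9 $9$CONSTRUCTEDSALT$CONSTRUCTEDHASHVALUE
line vty 0 4
 password 7 CONSTRUCTEDBLOB
"""

def audit(config_text):
    """Return (line_no, subject, type_digit, is_type9) per stored credential."""
    findings, section = [], ""
    for no, line in enumerate(config_text.splitlines(), 1):
        if line and not line[0].isspace():
            section = line.strip()        # remember headers such as "line vty 0 4"
        if "algorithm-type" in line:      # command as typed, not the stored form
            continue
        m = CRED.match(line)
        if not m:
            continue
        enable, user, ptype = m.groups()
        ptype = ptype or "0"              # no digit: the value is stored as typed
        subject = "enable" if enable else f"user {user}" if user else section
        findings.append((no, subject, ptype, ptype == "9"))
    return findings

if __name__ == "__main__":
    for no, subject, ptype, ok in audit(SAMPLE):
        status = "ok  " if ok else "FLAG"
        desc = TYPES.get(ptype, "unknown")
        print(f"{status} line {no}: {subject}: type {ptype} ({desc})")
```
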