07-29-2021 12:51 PM
Hi
I saw a good article about the different password types that Cisco offers. I am currently using Type 9. Would this be the most secure?
Thank you!
07-29-2021 01:05 PM
Hi,
8 or 9 (as long as your IOS supports them) seems to be the most secure.
HTH
07-29-2021 01:14 PM
Hi
Yes, I am using Gibraltar 16.12.x IOS-XE and type 9 is supported using a manual logon for both EXEC & PRIV.
Do you think using Microsoft NPS RADIUS for AD logon would actually weaken the security posture of the switch?
Not sure if Microsoft supports type 9.
07-29-2021 01:40 PM - edited 07-29-2021 01:41 PM
Hi,
Not sure about NPS, but if you are looking for an authentication server, Aruba ClearPass is a great product: easy to set up, easy to use, and intuitive. It is a complete NAC solution without the complexity of ISE and ACS.
HTH
07-29-2021 01:31 PM
@JohnRosso3555: Password Type 9: These use the SCRYPT hashing algorithm defined in the informational RFC 7914. SCRYPT uses an 80-bit salt and 16384 iterations. It’s very memory expensive to run the algorithm and therefore difficult to crack. Running it once occasionally on a Cisco device is fine though; this is currently the Best Practice Type password to use. I have not proven it, but I believe it is possible that the popular tool HashCat is able to decrypt these.
Go ahead!
07-29-2021 01:56 PM
Hello
Yes, algorithm-type scrypt (type 9) is the most secure.
example:
username Fred privilege 15 algorithm-type scrypt secret xxxx
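
Added example, not part of any reply in this thread: a small Python audit that reads the stored form of local credentials in a saved running-config (the type digit that follows `secret` or `password`) and flags any that is not type 8 or 9, the two types the replies recommend. The sample config, its account names and its hash strings are constructed placeholders, and treating a line with no type digit as plaintext is an assumption of this sketch.

```python
import re

# Type digit -> (algorithm, acceptable per this thread: only 8 and 9)
TYPES = {
    "0": ("plaintext", False),
    "4": ("SHA-256, deprecated", False),
    "5": ("MD5-crypt", False),
    "7": ("reversible obfuscation", False),
    "8": ("PBKDF2-SHA-256", True),
    "9": ("scrypt", True),
}

# Stored forms handled:
#   username <name> [privilege N] secret|password [<type>] <value>
#   enable secret|password [level N] [<type>] <value>
LINE = re.compile(
    r"^\s*(?:username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?|enable)"
    r"\s+(?:secret|password)(?:\s+level\s+\d+)?"
    r"(?:\s+(?P<type>\d))?\s+\S+\s*$"
)

# Constructed sample: placeholder names and hash strings, not real credentials.
SAMPLE_CONFIG = """\
username admin privilege 15 secret 9 $9$CONSTRUCTEDSALT$CONSTRUCTEDHASH
username ops privilege 15 secret 5 $1$SALT$CONSTRUCTEDHASH
username legacy password 7 0000000000
enable secret 8 $8$CONSTRUCTEDSALT$CONSTRUCTEDHASH
enable password lab
"""

def audit(config):
    """Return (line_no, account, type, algorithm, ok) for each credential line."""
    findings = []
    for no, line in enumerate(config.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            continue
        t = m.group("type") or "0"  # assumption: no type digit means plaintext
        algo, ok = TYPES.get(t, ("unknown type", False))
        findings.append((no, m.group("user") or "enable", t, algo, ok))
    return findings

if __name__ == "__main__":
    for no, account, t, algo, ok in audit(SAMPLE_CONFIG):
        print(f"line {no}: {account:<8} type {t} ({algo}) -> {'ok' if ok else 'REPLACE'}")
```

Accounts flagged here can be re-entered with the `algorithm-type scrypt secret` form shown in the reply above so that they are stored as type 9.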