SHA 256 enable password on 6509 and 4500

CATYO
Level 1

Hello.

I just want to know how to configure SHA256 for the enable password on 6509/4500, and which IOS version supports it?

I tried to find out but I couldn't.

Sorry for this easy question. : (

My 4500 is running with 15.2 (Catalyst 4500 L3 Switch Software (cat4500e-IPBASEK9-M), Version 15.2(3)E, RELEASE SOFTWARE (fc4))

and when I typed 'enable secret ?'

(config)#enable secret ?
  0      Specifies an UNENCRYPTED password will follow
  5      Specifies a MD5 HASHED secret will follow
  8      Specifies a PBKDF2 HASHED secret will follow
  9      Specifies a SCRYPT HASHED secret will follow
  LINE   The UNENCRYPTED (cleartext) 'enable' secret
  level  Set exec level password

There is no type 4.

But when I create a user account, it looks like it is supported.

(config)#username test algorithm-type ?
  md5     Encode the password using the MD5 algorithm
  scrypt  Encode the password using the SCRYPT hashing algorithm
  sha256  Encode the password using the PBKDF2 hashing algorithm

 

What's wrong ?

 

Thank you in advance : )

 


Reza Sharifi
Hall of Fame

Hi,

Here is how to configure it and the version that supports it:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/security/d1/sec-d1-cr-book/sec-cr-e1.html#wp4278835710

enable algorithm-type { md5 | scrypt | sha256 }

HTH

Thank you for your prompt reply. 

I checked it and it says

15.0(1)S

This command was integrated into Cisco IOS Release 15.0(1)S. Support for the type 4 algorithm was added.

But my c2900 with c2900-universalk9-mz.SPA.152-4.M7.bin doesn't have the type 4 command.

  R1(config)#enable secret ?
  0      Specifies an UNENCRYPTED password will follow
  5      Specifies a MD5 HASHED secret will follow
  8      Specifies a PBKDF2 HASHED secret will follow
  9      Specifies a SCRYPT HASHED secret will follow
  LINE   The UNENCRYPTED (cleartext) 'enable' secret
  level  Set exec level password

 

What seems to be the problem ? T.T

 

 

 

You absolutely do not want to use a type 4 password. Use something like the below. It's not SHA256 - it is better. SHA256 is used to test if something has been tampered with - which is not really what you want for a password hash. scrypt is far more suitable.

enable algorithm-type scrypt secret <password>
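
Added example, not part of the thread or of Cisco's documentation: a small Python check that reads a saved configuration and reports which `enable` and `username` credentials are stored with the types discussed above, so the ones to re-enter with `algorithm-type scrypt` are easy to find. The type names come from the help output quoted in the thread; type 7, the function name `audit_config` and the sample configuration are assumptions made for the example.

```python
import re

# Type numbers and names follow the 'enable secret ?' help output quoted in the
# thread, plus type 4 (which the thread discusses). Type 7 is not on the page:
# it is the reversible encoding IOS applies to 'password' lines (assumption).
HASH_TYPES = {
    "0": ("cleartext", False),
    "4": ("type 4 SHA256", False),
    "5": ("MD5", False),
    "7": ("type 7 reversible encoding", False),
    "8": ("PBKDF2", True),
    "9": ("SCRYPT", True),
}

# Matches 'enable secret|password [level N] [type] value' and
# 'username NAME [privilege N] secret|password [type] value'.
CRED_RE = re.compile(
    r"^\s*(?:enable|username\s+(?P<user>\S+)(?:\s+privilege\s+\d+)?)\s+"
    r"(?P<kw>secret|password)\s+(?:level\s+\d+\s+)?"
    r"(?:(?P<type>\d)\s+)?(?P<value>\S+)\s*$"
)

def audit_config(text):
    """Return one finding per credential line: (line_no, account, type, label, ok)."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = CRED_RE.match(line)
        if not m:
            continue
        # A line with no type digit holds the value as typed, i.e. cleartext.
        type_id = m.group("type") or "0"
        label, ok = HASH_TYPES.get(type_id, ("unknown type", False))
        findings.append((line_no, m.group("user") or "enable", type_id, label, ok))
    return findings

# Constructed sample config; the hash strings are placeholders, not real hashes.
SAMPLE = """\
hostname R1
enable secret 9 $9$PLACEHOLDER
enable password lab123
username admin privilege 15 secret 5 $1$PLACEHOLDER
username test secret 8 $8$PLACEHOLDER
username old secret 4 PLACEHOLDERHASH
username ops password 7 0000PLACEHOLDER
"""

if __name__ == "__main__":
    for line_no, account, type_id, label, ok in audit_config(SAMPLE):
        status = "ok" if ok else "REPLACE (re-enter with algorithm-type scrypt)"
        print(f"line {line_no}: {account:<7} type {type_id} {label}: {status}")
```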