I was changing the username and password on our routers, currently it is as follows
userrname xxxx privilege 15 secret 5 xxxxxxxxxxx
When I enter the new username and secret 5 password, I'm getting this
username xxxx privilege 15 secret 4 xxxxxxxx
Can someone tell me why I'm getting the type 4 password as opposed to typ 5? The command I'm entering is
username xxxx privilege 15 secret xxxxxx
Even when I removed the previous usename and password and entered the new username and password, it still set it to type 4. The strange thing is that it didn't do this with all of our routers, some routers are displaying the new username and type 5 password correctly, about 23 out 150 routers are showing the password as type 4. Two things.
1. How can I fix this?
2. What's the difference between type 4 and type 5? Would it be ok to simply leave teh 23 routers with a tye 4 password or should I make them type 5?
I've also included a screenshot
Any help would be great
Are all routers running with the same IOS?
The differnence between type 4 and type 5 password is the encryption where type 4 is sha256 and type is md5.
In the past i got a message during booting the switch/router after upgrading from IOS 12.x to 15.x like: change to new encryption, md5 can be deprecated soon.
No they're are not running the same IOS, but the type 5 password was on ALL the routers, but when I changed the username and password on them, majority of the routers continue to show type 5 whereas about 23 of them displayed type 4. There's been no change on the routers as far as IOS updates or anything like that, that's why I don't understand how just changing the username and password would change the password type to 4.
There are a couple of points to make about type 4 and type 5 passwords.
- As they went into release 15 Cisco decided to introduce a new type of password which was intended to be more secure, which was the type 4 password. And as designed it would have been much more secure.
- The implementation of the new password was flawed and it is fact not better than the type 5 password. Cisco has announced plans for another new type of password which should achieve the original design criteria for type 4.
- if you input into config mode something that is like secret 5 xxxxxx( which contains the already encrypted type 5 password) then the config will maintain and use the type 5 password.
- but if you input into config mode something that is like secret xxxxxx then the new IOS will use the type 4 password.
I am guessing that you upgraded routers to new code with existing config with type 5 secret passwords. Or you did copy and paste into routers of configs that already contained the secret 5 passwords. Now you are doing maintenance to change user names and/or passwords and are getting type 4 on routers running the newer code.
As far as I know you can fix this by configuring the user name and secret on a router that is still using the type 5 secret password, and then copy and paste from that router into the new router which will then result in a type 5 secret on the new router.