Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2742
Views
10
Helpful
8
Replies

Hash standard

joal
Level 1
Level 1

‎02-14-2021 03:08 PM - edited ‎02-14-2021 03:09 PM

What hash-function does the ciscorouter use and whats the standard?

Labels:
0 Helpful
8 Replies 8

kubn2
Level 1
Level 1

‎02-14-2021 03:21 PM

Hi,

As you used label VPN I guess you are asking for hashes used in VPN/tunnels, so it depends on your configuration, without checking I believe you can configure md5, sha1, sha256, sha384, sha512.

0 Helpful

joal
Level 1
Level 1
In response to kubn2

‎02-15-2021 12:04 AM - edited ‎02-15-2021 12:14 AM

Im reading the cource cyberops and i didnt find any label with "crypto" that's why I just took VPN. Idont know if it is about VPN or nah, the only thing I know is that the teacher asked: "What kind of hash function our Cisco routers use when it comes to passwords and what is the standard." 

0 Helpful

Dinesh Moudgil
Cisco Employee
Cisco Employee

‎02-14-2021 09:50 PM

Hash and encryption algorithms depends on the HW and SW being used but some of the available options are

 

hash {sha | sha256 | sha384 | md5}

More details:

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_ikevpn/configuration/xe-16-6/sec-ike-for-ipsec-vpns-xe-16-6-book/sec-key-exch-ipsec.html#GUID-8AD6BD3A-709A-4179-8630-BD6E253039B5

 

Thank you,

Dinesh Moudgil

 

P.S. Please rate helpful posts.

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/

joal
Level 1
Level 1
In response to Dinesh Moudgil

‎02-15-2021 12:05 AM

But what is the standard the ciscorouters use. ( I didn't mean VPN, the there where no label on crypto so I just took something) 

0 Helpful

Sheraz.Salim
VIP
VIP
In response to joal

‎02-15-2021 12:25 AM - edited ‎02-15-2021 12:25 AM

There is no standard cisco router use. you have to customise it according to your needs. however let say some router use a default specific hashing for VPN (know as out of box) example VPN ikev1 phase 1/2 and for ikev2 in phase 1/2.

please do not forget to rate.

joal
Level 1
Level 1
In response to Sheraz.Salim

‎02-15-2021 12:32 AM

Yeah maybe its was the default he meant, can you develop what you mean by default cisco router?

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎02-15-2021 12:32 AM

Hi,

Cisco route is offering multiple password types and hashing algorithm for passwords. such as

Type 0
this means the password will not be encrypted when the router store it in Run/Start Files

Type 4
this means the password will be encrypted when the router store it in Run/Start Files using SHA-256

Type 5
this means the password will be encrypted when the router store it in Run/Start Files using MD5

Type 7
this means the password will be encrypted when the router store it in Run/Start Files using Vigenere cipher

Type 8

this means the password will be encrypted when the router store it in Run/Start Files using PBKDF2-SHA-256

Type 9

this means the password will be encrypted when the router stores it in Run/Start Files using the script as the hashing algorithm.

 

Some may or may not available on your router based on IOS and Hardware versions. Standard is changing based on the time and hardware and software version. 

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni
In response to Deepak Kumar

‎02-15-2021 12:41 AM

Oh,

I double-check the question and found out from the comment below that you are looking for a VPN. Therefore, there is no standard or default. You can go ahead according to your needs and IOS version support. Some older IOS can not support the latest algorithms.

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Customers Also Viewed These Support Documents