mailing list archives
cisco enable passwords (was: Re: livingston.. )
From: carrel () cisco com (David Carrel)
Date: Fri, 29 Sep 1995 14:52:07 -0700
Am I looking at an out of date or fukt configuration, or are ROOT PASSWORDS
really stored in the CLEAR in configuration files?!
C'mon, guys, cisco fixed that one at least five years ago.
They did except you can decrypt the passwords in about 1/1000th of a second ;
The original cisco password "encryption" should never have been given that
name. It is not encryption and engineering never intended it to serve that
purpose. It's purpose was merely to stop casual observers from grabing
passwords by looking over your shoulders. It's arguable if that ever
should have been done, but that is what was done. The problem is that many
passwords on a cisco router need to be reversible in order to support
protocols like ARAP and PPP's CHAP. Reversible encryption is a difficult
problem when you have no secure storage.
Current cisco products support a true one-way encryption scheme for enable
passwords (our equivalent of a ROOT password). It is quite robust. Look
for "enable secret" in your cisco config.