Your IP is:

[More Detail]

Instant Port Checker

IP:[get my ip] Port1:[EL2/PR2/PM3]   [XON NVR] Port2: Port3:

Skip to content

Configure MD5 encrypted passwords for users on Cisco IOS

The enhanced password security in Cisco IOS introduced in 12.0(18)S allows an admin to configure MD5 encryption for passwords. Prior to this feature the encryption level on Type 7 passwords used a week encryption and can be cracked easily and the clear text password (type 0) as anyone would know is completely insecure. Anyone who can gain access to the privilege mode can view/decrypt these passwords.

To configure enhanced password security, create a user with MD5 password encryption as follows from the Global configuration mode:

MD5 Encryption on clear text password:

You can enter a clear text password which will be encrypted using MD5 algorithm

ciscorouter(config)# username ciscoadmin secret ciscopass

where ciscoadmin is the user and his clear text password “ciscopass” which will then be converted into a MD5 encrypted text.

This is equivalent to

ciscorouter(config)# username ciscoadmin secret 0 ciscopass

where “0″ [default] indicates MD5 encryption on a clear text password.

MD5 encrypted text as password

To enter an MD5 encrypted password instead of a clear text password

ciscorouter(config)# username ciscoadmin secret 5 $ 1$ feb0$ a104Qd9UZ./Ak00KTggPD0

where “5″ indicates the entered password is a MD5 encrypted text.

To verify the logins with MD5 encryption,

Clear Text password

ciscorouter# show running-config
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname ciscorouter
logging rate-limit console 10 except errors
no logging console
enable secret 0 $ 1$ 53Ew$ Dp8.E4JGpg7rKxQa49BF9/
username ciscoadmin secret 5 $ 1$ fBYK$ rH5/OChyx/

MD5 encrypted text entered as password

ciscorouter# show running-config
version 12.2
no service single-slot-reload-enable
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
hostname ciscorouter
logging rate-limit console 10 except errors
no logging console
enable secret 5 $ 1$ feb0$ a104Qd9UZ./Ak00KTggPD0
username ciscoadmin secret 5
ip subnet-zero

Here the MD5 encrypted password entered itself is not displayed against the username.

Categories: General.

Tags: , , , ,