From: Danny Muizebelt (Danny.Muizebelt@osiatis.at)
Date: Tue Oct 04 2005 - 12:17:09 GMT-3
Hi Shanky,
I just copied the enable secret MD5 encrypted password from my Cisco 1005 (Yes, it is still in my lab :) to my Cisco 1841 and now I can also use the same enable password on the 1841 as I have on my 1005.
I believe the md5 hash algorithm is the same on all platforms. The password gets hashed, a process which cannot be reversed. During authentication the entered password gets hashed also and then the two hashes get compared. Because of the limited length of the hash it is (I think) possible to have the same hash for different passwords but the chances are *highly* unlikely. I think you stand a better chance of winning the Lotto Jackpot AND being struck by lightning at the same time.
Another thing I noticed while informing myself, "username secret", md5 passwords for usernames as of 12.2T!!! Finally! You just never stop learning.
http://www.cisco.com/en/US/products/sw/iosswrel/ps1839/products_feature_guide09186a0080087cb1.html
-Danny
Danny Muizebelt
-----------------------------------------------------------------
OSIATIS Computer Services GmbH
Tel.: +43-1-79 520
-----------------------------------------------------------------
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On behalf of
> Arun Arumuganainar
> Sent: Tuesday, 4 October 2005 16:35
> To: Shanky; lab
> Subject: Re: setting up enable password using encrypted password
>
> Hi Shanky,
>
> Type 5 secret password encryption uses MD5 encryption. So the original
> password will get discarded after encryption. This means you cannot cut and
> paste the enable secret password across various routers.
>
> This is for the same reason type 5 passwords cannot be used with PPP
> username passwords.
>
> Thanks and Regards
> Arun
> ----- Original Message -----
> From: "Shanky" <shankyz@gmail.com>
> To: "lab" <ccielab@groupstudy.com>
> Sent: Monday, October 03, 2005 12:57 PM
> Subject: setting up enable password using encrypted password
>
>
> > Hi,
> > Just trying to set up enable password for different priv levels using
> > encrypted values, observed the following.
> > 1. On SW1, did enable password level 2 0 test
> > The switch converts it to secret and the running config shows
> > enable secret level 2 5 $1$9H9z$IYx/gwpnxk5.MnnP3CVNn0
> > Now, if I want to set the same password on, say, switch 2 but I am
> > prohibited from using the enable secret command..
> > I did ..
> > on SW2,
> > enable password level 2 $1$jTcA$oHHlPh05wjdzi2sN7vS7t/ as shown below .. but
> > got the error message.
> > SW1(config)#enable pass le
> > SW1(config)#enable pass level 2 7 $1$jTcA$oHHlPh05wjdzi2sN7vS7t/
> > % Converting to a secret. Please use "enable secret" in the future.
> > Invalid encrypted password: $1$jTcA$oHHlPh05wjdzi2sN7vS7t/
> > So, if the requirement is to have the same password on 2 devices and we
> > have to use .. say an encrypted password on the 2nd device, the only way it
> > seems is
> > enable secret level 2 5 $1$jTcA$oHHlPh05wjdzi2sN7vS7t/ ----- on the 2nd
> > device
> > so when/where do we use the enable password 7 .... command ?
> > Can anyone explain ?
> > TIA
> > Shanky
> >
> >
> ____________________________________________________________________
> ___
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
The information herein is confidential and intended solely for the attention and use of the named addressee(s).
If you are not the intended recipient please inform us immediately.
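The hash-and-compare check described in the message above, as an added example that is not part of the original thread: a from-scratch md5crypt in Python for the `$1$salt$digest` strings quoted in the configs, showing that the salt travels inside the string, so verification needs nothing device-specific. It assumes IOS type 5 uses the standard md5crypt construction; the function names are hypothetical.

```python
import hashlib
import hmac

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"

def parse_type5(stored):
    """Split '$1$<salt>$<digest>' into (salt, digest); reject anything else."""
    parts = stored.split("$")
    if (len(parts) != 4 or parts[:2] != ["", "1"]
            or not 1 <= len(parts[2]) <= 8 or len(parts[3]) != 22):
        raise ValueError("not a $1$ (type 5) string")
    return parts[2], parts[3]

def md5crypt(password, salt):
    """Standard md5crypt; assumed here to be what IOS type 5 uses."""
    pw, sl = password.encode(), salt.encode()
    alt = hashlib.md5(pw + sl + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + sl)
    for left in range(len(pw), 0, -16):
        ctx.update(alt[:min(16, left)])
    n = len(pw)
    while n:                                   # length-dependent mixing step
        ctx.update(b"\0" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for r in range(1000):                      # fixed 1000 stretching rounds
        c = hashlib.md5(pw if r & 1 else final)
        if r % 3:
            c.update(sl)
        if r % 7:
            c.update(pw)
        c.update(final if r & 1 else pw)
        final = c.digest()
    out = ""                                   # custom base64 with permuted bytes
    for a, b, c3 in ((0, 6, 12), (1, 7, 13), (2, 8, 14), (3, 9, 15), (4, 10, 5)):
        v = final[a] << 16 | final[b] << 8 | final[c3]
        out += "".join(ITOA64[v >> s & 0x3F] for s in (0, 6, 12, 18))
    out += ITOA64[final[11] & 0x3F] + ITOA64[final[11] >> 6]
    return f"$1${salt}${out}"

def verify(candidate, stored):
    """Re-hash the candidate with the salt carried inside `stored`, then compare."""
    salt, _ = parse_type5(stored)
    return hmac.compare_digest(md5crypt(candidate, salt).encode(), stored.encode())

if __name__ == "__main__":
    # The two strings quoted in the thread; "test" is the password typed on SW1.
    for s in ("$1$9H9z$IYx/gwpnxk5.MnnP3CVNn0", "$1$jTcA$oHHlPh05wjdzi2sN7vS7t/"):
        print(parse_type5(s)[0], verify("test", s))
```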
This archive was generated by hypermail 2.1.4 : Sun Nov 06 2005 - 22:00:49 GMT-3