Re: ASA/FWSM service password encryption

From: Farrukh Haroon <farrukhharoon_at_gmail.com>
Date: Sat, 25 Aug 2012 22:55:14 +0300

Hello

Both Cisco IOS and Cisco Firewall OS (used to be called the Finesse OS) use
the MD5 hashing function:

http://www.cisco.com/en/US/tech/tk59/technologies_tech_note09186a00809d38a7.shtml

AFAIK, Cisco firewalls do not use a 'salt' value to generate the passwords;
this is why you are seeing the same hash being repeated.

http://www.freerainbowtables.com/phpBB3/viewtopic.php?f=2&t=1441

But if you have chosen a proper password, the chances of any
dictionary-based attacks are very very low, so it's still not really a big
security risk.

However, starting from version 8.3, you can actually configure an encryption
pass-phrase and the encryption algorithm (like AES), and then use it to
encrypt your stored passwords; please see:

http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/basic_hostname_pw.html#wp1087800

Regards

Farrukh

On Sat, Aug 25, 2012 at 10:08 PM, Mohammad Moghaddas <moghaddas.it_at_gmail.com
> wrote:

> Hi.
> Do you guys know what's the mystery behind password encryption on ASA & FWSM
> which makes the passwords one way?
> Does its algorithm have a name?
> Also another issue, I set "user one pass test", "user two pass test", "user
> three pass test", and all the passwords were hashed the same. But the hash
> differed to "enable password test"
> Then I didn't save the config, reloaded the device with no config, and set
> those user/pass and enable pass again. All the hashes were the same as before
> the reload.
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Sat Aug 25 2012 - 22:55:14 ART