Understand Cisco IOS Password Encryption
Available Languages
Introduction
This document describes the security model behind Cisco password encryption, and the security limitations of that encryption.
Background
A non-Cisco source has released a program to decrypt user passwords (and other passwords) in Cisco configuration files. The program does not decrypt passwords set with the enable secret command. The unexpected concern that program caused among Cisco users has led to the suspicion that many users rely on Cisco password encryption for more security than it was designed to provide.
Note: Cisco recommends that all Cisco IOSĀ® devices implement the authentication, authorization, and accounting (AAA) security model. AAA can use local, RADIUS, and TACACS+ databases.
Prerequisites
Requirements
There are no specific requirements for this document.
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Conventions
For more information on document conventions, refer to the Cisco Technical Tips Conventions.
User Passwords
User passwords, and most other passwords (not enable secrets) in Cisco IOS configuration files are encrypted with a scheme that is very weak by modern cryptographic standards.
Although Cisco does not distribute a decryption program, at least two different decryption programs for Cisco IOS passwords are available to the public on the internet; the first public release of such a program of which Cisco is aware was in early 1995. We would expect any amateur cryptographer to be able to create a new program with little effort.
The scheme used by Cisco IOS for user passwords was never intended to resist a determined, intelligent attack. The encryption scheme was designed to avoid password theft by simple snooping or sniffing. It was never intended to protect against someone who conducts a password-cracking effort on the configuration file.
Because of the weak encryption algorithm, it has always been the Cisco position that users treat any configuration file that contains passwords as sensitive information, the same way they would treat a clear text list of passwords.
The Enable Secret and Enable Password Commands
The enable password command is no longer recommended to be used. Use the enable secret command for better security. The only instance in which the enable password command can be tested is when the device is in a boot mode that does not support the enable secret command.
Enable secrets are hashed with the MD5 algorithm. As far as anyone at Cisco knows, it is impossible to recover an enable secret based on the contents of a configuration file (other than by obvious dictionary attacks).
Note: This applies only to passwords set with enable secret, and not to passwords set with enable password. Indeed, the strength of the encryption used is the only significant difference between the two commands.
Which Cisco IOS Image Supports enable secret?
Look at your boot image with the show version command from your normal operating mode (Full Cisco IOS image) to see if the boot image supports the enable secret command. If it does, remove the enable password. If the boot image does not support enable secret, note these caveats:
-
Use of an enable password can be unnecessary if you have physical security so no one can reload the device to the boot image.
-
If someone has physical access to the device, they can easily subvert the device security without a need to access the boot image.
-
If you set the
enable passwordto the same as theenable secret, you have made theenable secretas prone to attack as theenable password. -
If you set
enable passwordto a different value because the boot image does not supportenable secret, your router administrators must remember a new password that is used infrequently on ROMs that do not support theenable secretcommand. With a separate enable password, administrators need to remember the password when they force a downtime for a software upgrade, which is the only reason to log in to boot mode.
Other Passwords
Almost all passwords and other authentication strings in Cisco IOS configuration files are encrypted with the weak, reversible scheme used for user passwords.
To determine which scheme has been used to encrypt a specific password, check the digit before the encrypted string in the configuration file. If that digit is a 7, the password has been encrypted with the weak algorithm. If the digit is a 5, the password has been hashed with the stronger MD5 algorithm.
For example, in the configuration command:
enable secret 5 $1$iUjJ$cDZ03KKGh7mHfX2RSbDqP.
The enable secret has been hashed with MD5, whereas in the command:
username jdoe password 7 07362E590E1B1C041B1E124C0A2F2E206832752E1A01134D
The password has been encrypted with the weak reversible algorithm.
Configuration Files
When you send configuration information in e-mail, sanitize the configuration from type 7 passwords. You can use the show tech-support command, which sanitizes the information by default. Sample show tech-support command output is shown here:
... hostname routerA ! aaa new-model aaa authentication login default local aaa authentication ppp default if-needed local enable secret 5 <removed> ! username jdoe password 7 <removed> username headquarters password 7 <removed> username hacker password 7 <removed> ...
When you save your configuration files on a Trivial File Transfer Protocol (TFTP) server, change the privileges on that file when it is not in use or put it behind a firewall.
Can The Algorithm Be Changed?
Cisco has no immediate plans to support a stronger encryption algorithm for Cisco IOS user passwords. If Cisco does decide to introduce such a feature in the future, that feature definitely imposes an additional administrative burden on users who choose to take advantage of it.
It is not, in the general case, possible to switch user passwords over to the MD5-based algorithm used for enable secrets, because MD5 is a one-way hash, and the password cannot be recovered from the encrypted data at all. In order to support certain authentication protocols (notably CHAP), the system needs access to the clear text of user passwords, and therefore must store them with a reversible algorithm.
Key management issues would make it a nontrivial task to switch over to a stronger reversible algorithm, such as Data Encryption Standard (DES). Although it would be easy to modify Cisco IOS to use DES to encrypt passwords, there would be no security advantage in this approach, if all Cisco IOS systems used the same DES key. If different keys were used by different systems, an administrative burden would be introduced for all Cisco IOS network administrators, and portability of configuration files between systems would be damaged. User demand for stronger reversible password encryption has been small.
Related Information
Revision History
| Revision | Publish Date | Comments |
|---|---|---|
3.0 |
22-Jul-2024 |
This document has been reviesed to comply with current Cisco publishing standards. |
1.0 |
21-Jul-2008 |
Initial Release |
FeedbackContact Cisco
- Open a Support Case
- (Requires a Cisco Service Contract)