Posts

  • Home -
  • news -
  • Cisco router types of password
research
  • 02/20
  • 2017

Cisco router types of password

Cisco Routers Password Types:
-------------------------------------------
Type 0 
this mean the password will not be encrypted when router store it in Run/Start Files
command:
enable password cisco123
Type 4
this mean the password will be encrypted when router store it in Run/Start Files using SHA-256
which apps like Cain can crack but will take long time
command :
enable secret 4 Rv4kArhts7yA2xd8BD2YTVbts
(notice above is not the password string it self but the hash of the password)
this type is deprecated starting from IOS 15.3(3)
Type 5
this mean the password will be encrypted when router store it in Run/Start Files using MD5
which apps like Cain can crack but will take long time
command:
enable secret 5 00271A5307542A02D22842
(notice above is not the password string it self but the hash of the password)
or
enable secret cisco123
(notice above is the password string it self)
Type 7
this mean the password will be encrypted when router store it in Run/Start Files using Vigenere cipher
which any website with type7 reverser can crack it in less than one second 
command :
ena password cisco123
service password-encryption
Type 8
this mean the password will be encrypted when router store it in Run/Start Files using PBKDF2-SHA-256
starting from IOS 15.3(3).
Password-Based Key Derivation Function 2 (PBKDF2) with Secure Hash Algorithm, 26-bits (SHA-256) as the hashing algorithm
Example :
R1(config)#enable algorithm-type sha256 secret cisco
R1(config)#do sh run | i enable
enable secret 8 $8$mTj4RZG8N9ZDOk$elY/asfm8kD3iDmkBe3hD2r4xcA/0oWS5V3os.O91u.
Example :
R1(config)# username yasser algorithm-type sha256 secret cisco
R1# show running-config | inc username
username yasser secret 8 $8$dsYGNam3K1SIJO$7nv/35M/qr6t.dVc7UY9zrJDWRVqncHub1PE9UlMQFs
Type 9
this mean the password will be encrypted when router store it in Run/Start Files using scrypt as the hashing algorithm.
starting from IOS 15.3(3)
Example :
R1(config)#ena algorithm-type scrypt secret cisco
R1(config)#do sh run | i enable
enable secret 9 $9$WnArItcQHW/uuE$x5WTLbu7PbzGDuv0fSwGKS/KURsy5a3WCQckmJp0MbE
Example :
R1(config)# username demo9 algorithm-type scrypt secret cisco
R1# show running-config | inc username
username demo9 secret 9 $9$nhEmQVczB7dqsO$X.HsgL6x1il0RxkOSSvyQYwucySCt7qFm4v7pqCxkKM
Important Notes:
1-If you configure type 8 or type 9 passwords and then downgrade to a release that does not support type 8 and type 9 passwords, you must configure the type 5 passwords before downgrading. If not, you are locked out of the device and a password recovery is required.
2-Starting from IOS 15.3(3)The 4 keyword was deprecated and support for type 8 and type 9 algorithms were added and The warning message for removal of support for the type 4 algorithm was added.