Configuring Password Encryption

16 Mar

Configuring Password Encryption
It’s relatively simple to configure password encryption on Cisco routers. When password encryption is configured, all passwords that are configured on the router are converted to an unsophisticated reversible cipher. Although the algorithm that is used to convert the passwords is somewhat unsophisticated, it still serves a very good purpose. Intruders cannot simply view the password in plain text and know what the password is. To enable the use of password encryption, use the command service password−encryption.

The following example shows a router configuration prior to enabling password encryption. An enable password, a console password, and a Telnet password is configured:

SecureRouter#show running−config
!
enable password Cisco
!
line con 0
password Networking
!
line vty 0 4
password Security
!

The following example shows the command you would use to enable password encryption on the router:

SecureRouter#config t
Enter configuration commands, one per line. End with CNTL/Z.
SecureRouter(config)#service password−encryption
SecureRouter(config)#end
SecureRouter#

The results of enabling password encryption can be seen in the following example. Notice that each password is now represented by a string of letters and numbers, which represents the encrypted format of the password:

SecureRouter#show running−config
!
enable password 7 05280F1C2243
!

line con 0
password 7 04750E12182E5E45001702
!
line vty 0 4
password 7 122A00140719051033
!

Warning Password encryption does not provide a very high level of security. There are widely available passwords crackers that can reverse the encryption. I do, however, recommend using the password encryption command on all routers. I also recommend that you take additional security measures to protect your passwords.

Random Posts

No comments yet

Leave a Reply

You must be logged in to post a comment.