MD5 Encryption for username secret ...

Unanswered Question
Mar 27th, 2009
User Badges:

I wish to set up our Routers with username ... secret 5 ... (encrypted-secret). Can you recommend any tools for generating an MD5 encrypted secret for cisco ios. Thanks in advance.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Eugene Khabarov Fri, 03/27/2009 - 06:40
User Badges:
  • Silver, 250 points or more

You do not need to use any additional tools. Simply add user:

(config)#username test secret test

this would look like this in configuration file:

username test secret 5 $1$6xmn$kfSZZP.K3jcKDFa7QIji3.

Collin Clark Fri, 03/27/2009 - 06:44
User Badges:
  • Purple, 4500 points or more

There are situations where the hashed password needs to be entered instead of the clear text.

imuonagor Fri, 03/27/2009 - 10:13
User Badges:

I downloaded the software and typed a text "test" and clicked calculate and got the MD5 string "098f6bcd4621d373cade4e832627b4f6" but when i enter this under username test secret 5 098f6bcd4621d373cade4e832627b4f6 i get the error message:

ERROR: The secret you entered is not a valid encrypted secret. To enter an UNENCRYPTED secret, do not specify type 5 encryption. When you properly enter an UNENCRYPTED secret, it will be encrypted. Is there something i'm not doing well? Please clarify. Thanks.

Collin Clark Fri, 03/27/2009 - 11:26
User Badges:
  • Purple, 4500 points or more

This worked for me.

username test password 7 098f6bcd4621d373cade4e832627b4f6

rpfinneran Sun, 03/29/2009 - 03:44
User Badges:
  • Bronze, 100 points or more


You cannot simply try an MD5 hash of some password. Where did you get the idea that the secret 5 indicates an MD5 hash would follow? It isn't an MD5 hash.

A simple test to prove this. I have added an enable secret password of "cisco" to my device. The computed MD5 hash of "cisco" is "dfeaf10390e560aea745ccba53e044ed".

The router computed... "$1$voTM$qP2CfLDlxdeD1ofoVoYmp."

Now, notice the encrypted password on the router is 30 characters long. However, MD5 hashes are always 32 characters long.

Cisco IOS does not employ a simple MD5 hash to protect the enable secret password, especially with the rise of MD5 hash dictionaries.

imuonagor Sun, 03/29/2009 - 11:12
User Badges:

Could you assist with the right thing to do? i need to use the MD5 form of secret. What input should i have. The syntax says an encrypted secret should follow. Thanks in advance.

rpfinneran Mon, 03/30/2009 - 00:22
User Badges:
  • Bronze, 100 points or more

Yea, your missing the point. It is not the MD5 form of the secret, but rather some encrypted form of the secret.

Do you know what the secret password is in plain text? If so, drop it on a router using the "enable secret " command and do a show run. In the running config you will find the encrypted version of your password. I am still not sure why you must have the encrypted version...


This Discussion