Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
130604
Views
34
Helpful
6
Replies

enable password and enable secret

vishalpatil86
Level 1
Level 1

‎02-29-2012 07:06 PM - edited ‎02-21-2020 04:34 AM

hi

whats the difference between enable password and enable secret?

does secret encrypt the password we have given?

9 people had this problem
0 Helpful
6 Replies 6

Leo Laohoo
Hall of Fame
Hall of Fame

‎02-29-2012 07:26 PM 

does secret encrypt the password we have given?

Passwords will be encrypted if you use the command "service password-encryption".

whats the difference between enable password and enable secret?

Password will take prescedence over secret.

Diomedes
Level 1
Level 1
In response to Leo Laohoo

‎03-24-2020 04:08 PM

Old post I know, but just wanted to make sure this was corrected in case anyone else stumbles on this answer as I have. It's the other way around. Secret overrides password.

vlausell
Level 1
Level 1
In response to Leo Laohoo

‎03-19-2023 04:02 PM

Interesting, but apparently its good practice to use secret bc of higher encryption. Thanks  

I kept wondering why use both. 

0 Helpful

diduarte
Cisco Employee
Cisco Employee
In response to Leo Laohoo

‎03-20-2024 10:57 AM

According Cisco documentation is the opposite. 

If you configure the enable secret command, it takes precedence over the enable password command; the
two commands cannot be in effect simultaneously.
If you enable password encryption, it applies to all passwords including username passwords, authentication
key passwords, the privileged command password, and console and virtual terminal line passwords

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/16-10/configuration_guide/sec/b_1610_sec_9200_cg/controlling_switch_access_with_passwords_and_privilege_levels.pdf

 

0 Helpful

ninoroygaleos
Level 1
Level 1

‎03-05-2012 12:24 AM

Hi vishal patil,

The difference is that,

# enable password - it will enables a password that based on a clear text, unlike,

# enable secret - it will enables a password and password encryption that based on the md5 hashing algorithm. This is is a most recommended command to supply while enabling a password to any cisco network devices.

-onin.

IT_Joe
Level 1
Level 1

‎10-27-2023 12:26 PM - edited ‎10-27-2023 12:26 PM

Cisco had enable password to store passwords for the use of privileged EXEC commands by console or remote (vty) users. These passwords were stored as clear-text in the configuration, and could be read by anyone calling show running-config.

Cisco then implemented service password-encryption to store these passwords as a different combination of characters using an algorithm. These are the passwords of type "7". This was still insecure: Googling "cisco password decryption" will yield websites that will decrypt type 7 passwords.

Finally, Cisco came up with enable secret which hashes the passwords with an MD5 algorithm. The only way to find the original passwords would be through the use of a rainbow table, and even that is unlikely as more than two character strings may return the same MD5 hash.

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card