cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
40964
Views
15
Helpful
7
Replies

Enable Secret 4

rob.magrath
Level 1
Level 1

Hi there,

This has been bugging me for a while and I cannot find much if any documentation about it. But how do you go about using enable secret 4 (sha256) instead of enable secret 5. Is this feature only available in a particular IOS train or is it a feature you have to activate?

Rob

1 Accepted Solution

Accepted Solutions

Hi Rob,

It seems you need 15.2(03)T1, version 15.2(03)T does not have this supported. T1 will be released at 06/29.

Kind Regards,
Ivan

**Please grade this post if you find it useful.

Kind Regards,
Ivan

View solution in original post

7 Replies 7

Ivan Shirshin
Cisco Employee
Cisco Employee

Hi Rob,

Ecnryption types 0, 4 and 5 were added to this command starting with 15.0(1)S release. See this comman reference:

http://www.cisco.com/en/US/docs/ios/security/command/reference/sec_e1.html#wp1042287

Level 4 encryption is SHA256, which is superior to md5 (level 5 encryption). This was made the default in 15.0(1)S and md5 password encryption will be deprecated eventually.

The latest 15.1 releases already generate a warning in case of using md5, such as:

Warning: MD5 encryption will be deprecated soon. Please move to SHA256 encryption.

Kind Regards,
Ivan

**Please grade this post if you find it useful.

Kind Regards,
Ivan

Hi Ivan,

Thanks for the reply. The reason I was confused was we upgraded a 2951 to a later version of IOS (15.2) and the feature doesnt appear to be there. When entering enable secret there is no option for encryption type 4. I can check for definite tomorrow what release of code it is. Is it possible this version has the feature missing?

Thanks

Rob

Hi Rob,

It works on 2900 platform starting with versions 15.2(2)T1 and 15.2(03)T1 - "enable secret 4 ...".

What is your exact image version?

Kind Regards,
Ivan

**Please grade this post if you find it useful.

Kind Regards,
Ivan

Hi Ivan,

We were running c2951-universalk9-mz.SPA.152-2.T1.bin which had the feature enable but when we upgraded to

c2951-universalk9-mz.SPA.152-3.T.bin the feature wasnt there. Its seems like it may have been missed off the later release?

So in summary

working

c2951-universalk9-mz.SPA.152-2.T1.bin

Not available

c2951-universalk9-mz.SPA.152-3.T.bin

Weird?

Thanks

Rob

Hi Rob,

It seems you need 15.2(03)T1, version 15.2(03)T does not have this supported. T1 will be released at 06/29.

Kind Regards,
Ivan

**Please grade this post if you find it useful.

Kind Regards,
Ivan

Thanks Ivan.

Glad to help, Rob.

Kind Regards,
Ivan
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: