Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

MD5 Encryption for username secret ...

I wish to set up our Routers with username ... secret 5 ... (encrypted-secret). Can you recommend any tools for generating an MD5 encrypted secret for cisco ios. Thanks in advance.

9 REPLIES

Re: MD5 Encryption for username secret ...

I use HashCalc. Works great and it's free.

http://www.slavasoft.com/hashcalc/index.htm

Hope that helps.

Re: MD5 Encryption for username secret ...

You do not need to use any additional tools. Simply add user:

(config)#username test secret test

this would look like this in configuration file:

username test secret 5 $1$6xmn$kfSZZP.K3jcKDFa7QIji3.

Re: MD5 Encryption for username secret ...

There are situations where the hashed password needs to be entered instead of the clear text.

New Member

Re: MD5 Encryption for username secret ...

I downloaded the software and typed a text "test" and clicked calculate and got the MD5 string "098f6bcd4621d373cade4e832627b4f6" but when i enter this under username test secret 5 098f6bcd4621d373cade4e832627b4f6 i get the error message:

ERROR: The secret you entered is not a valid encrypted secret. To enter an UNENCRYPTED secret, do not specify type 5 encryption. When you properly enter an UNENCRYPTED secret, it will be encrypted. Is there something i'm not doing well? Please clarify. Thanks.

Re: MD5 Encryption for username secret ...

This worked for me.

username test password 7 098f6bcd4621d373cade4e832627b4f6

Re: MD5 Encryption for username secret ...

password 7 - is not md5 password!

New Member

Re: MD5 Encryption for username secret ...

Hello,

You cannot simply try an MD5 hash of some password. Where did you get the idea that the secret 5 indicates an MD5 hash would follow? It isn't an MD5 hash.

A simple test to prove this. I have added an enable secret password of "cisco" to my device. The computed MD5 hash of "cisco" is "dfeaf10390e560aea745ccba53e044ed".

The router computed... "$1$voTM$qP2CfLDlxdeD1ofoVoYmp."

Now, notice the encrypted password on the router is 30 characters long. However, MD5 hashes are always 32 characters long.

Cisco IOS does not employ a simple MD5 hash to protect the enable secret password, especially with the rise of MD5 hash dictionaries.

New Member

Re: MD5 Encryption for username secret ...

Could you assist with the right thing to do? i need to use the MD5 form of secret. What input should i have. The syntax says an encrypted secret should follow. Thanks in advance.

New Member

Re: MD5 Encryption for username secret ...

Yea, your missing the point. It is not the MD5 form of the secret, but rather some encrypted form of the secret.

Do you know what the secret password is in plain text? If so, drop it on a router using the "enable secret " command and do a show run. In the running config you will find the encrypted version of your password. I am still not sure why you must have the encrypted version...

5246
Views
0
Helpful
9
Replies