Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Bronze

secret 4 vs. secret 5 passwords

Hi,

Are secret 4 passwords being discontinued due to a security issue?

Can I copy a secret 4 to a secret 5 without knowing the password?

Thanks.

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions

Re: secret 4 vs. secret 5 passwords

It doesn't look like you can copy/paste:

Replacing a Type 4 Password with a Type 5 Password

Customers running a Cisco IOS or Cisco IOS XE release with support for Type 4 passwords and currently using Type 4 passwords on their device configuration may want to replace those Type 4 passwords with Type 5 passwords. Reasons include the following:

  • Preparation for a device downgrade to a Cisco IOS or Cisco IOS XE release that does not support Type 4 passwords
  • Compatibility with network management systems or other tools     that cannot handle a device configuration that includes Type 4 passwords
  • An organizational security policy that dictates the use of Type 5 passwords
  • Concerns about the resiliency of Type 4 passwords versus Type 5 passwords against brute-force attacks

As mentioned previously, a Cisco IOS or Cisco IOS XE release with support for Type 4 passwords

does not allow the generation of a Type 5 password from a plaintext password on the device itself

. Customers who need to replace a Type 4 password with a Type 5 password must generate the Type 5 password outside the device and then copy the Type 5 password to the device configuration.

There are two options to generate a Type 5 password:

  • Using another device running a Cisco IOS or Cisco IOS XE release without Type 4 support
  • Using the openssl command-line tool (part of the OpenSSL Project)

In either case, administrators will need access to the plaintext version of the password to generate the Type 5 password.

Source: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
2 REPLIES

Re: secret 4 vs. secret 5 passwords

It doesn't look like you can copy/paste:

Replacing a Type 4 Password with a Type 5 Password

Customers running a Cisco IOS or Cisco IOS XE release with support for Type 4 passwords and currently using Type 4 passwords on their device configuration may want to replace those Type 4 passwords with Type 5 passwords. Reasons include the following:

  • Preparation for a device downgrade to a Cisco IOS or Cisco IOS XE release that does not support Type 4 passwords
  • Compatibility with network management systems or other tools     that cannot handle a device configuration that includes Type 4 passwords
  • An organizational security policy that dictates the use of Type 5 passwords
  • Concerns about the resiliency of Type 4 passwords versus Type 5 passwords against brute-force attacks

As mentioned previously, a Cisco IOS or Cisco IOS XE release with support for Type 4 passwords

does not allow the generation of a Type 5 password from a plaintext password on the device itself

. Customers who need to replace a Type 4 password with a Type 5 password must generate the Type 5 password outside the device and then copy the Type 5 password to the device configuration.

There are two options to generate a Type 5 password:

  • Using another device running a Cisco IOS or Cisco IOS XE release without Type 4 support
  • Using the openssl command-line tool (part of the OpenSSL Project)

In either case, administrators will need access to the plaintext version of the password to generate the Type 5 password.

Source: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***
Bronze

Re: secret 4 vs. secret 5 passwords

Thanks much for the correct answer and the rapid response.

673
Views
0
Helpful
2
Replies