Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Urgent Help - recover enable password


For some reason enable secret key is not working and router is 400Km.

I have the last backup config but the password is encrypted.

Any way to decrypt it.


Re: Urgent Help - recover enable password

I have never tested this and usually you should go with the password recovery procedure.

Here is what I found from google:

Password recovery procedures:

New Member

Re: Urgent Help - recover enable password


For MD5 there is no procedure or tool to decrypt.

As well I dont have physical access to router.

Hall of Fame Super Gold

Re: Urgent Help - recover enable password

Now I don't have first-hand experience on this but I was told by someone who contacted Cisco and (after lengthy procedure to verify identification) was given the unencrypted MD5 values.

Try raising a TAC request.

Cisco Employee

Re: Urgent Help - recover enable password


Personally, I strongly doubt that. The MD5 is a hash - a one-way function - and Cisco appears to implement the Unix style of the MD5 hashing in the passwords (probably they reimplemented the crypt() function as used in GLibc in Linux - any IOS coder here to confirm?). There is no way to directly "decrypt" an MD5 hash. What is possible to do is to find a collision string that produces the same hash value if that hash is computed directly from the input but the way to do this effectively has been found only recently.

The hash in Type 5 password is not a direct hash of the password, though. The passwords are "salted" - i.e. the string between the second and third $ sign is combined with the entered password in several rounds so even if you are able to find a collision string to the resulting MD5 hash, it will not be helpful because that MD5 hash is not a direct hash, rather a multiorder hash of hashes created in several rounds of the crypt() function. This is a quotation from Wikipedia's article:

First the passphrase and salt are hashed together, yielding an MD5 message digest. Then a new digest is constructed, hashing together the passphrase, the salt, and the first digest, all in a rather complex form. Then this digest is passed through a thousand iterations of a function which rehashes it together with the passphrase and salt in a manner that varies between rounds. The output of the last of these rounds is the resulting passphrase hash.

These are reasons for which I do not believe that Cisco TAC is able to "crack" the Type 5 passwords. And, while that is certainly not helpful for you, I hope that there is not some backdoor password possibility.

I am sorry to ruin your hopes. But then again, if you cannot attend the router yourself, can you at least direct somebody to perform that password recovery procedure remotely?

Best regards,


Re: Urgent Help - recover enable password

TAC will not be able to provide you with such information. I wont count on this as we dont have such tools in TAC.

You are left with the password recovery and you will need physical access.

Check out an earlier post where this was discussed: