Sunday, July 13, 2008

Generate Cisco Secret 5 passwords with OpenSSL Library

A bit more detail on IOS password hashes - PacketLife.net
It's no secret that the legacy "type 7" password hashes employed by older IOS devices are easily reversed. Wherever available, type 5 hashing is preferred as it generates a non-reversible MD5 hash. However, the one-way operation of MD5 isn't its strongest benefit.
Recall that the generation of an MD5-type hash for a local user account is as simple as specifying secret instead of password:
Router(config)# username foo secret MyP4ssw0rd
Router(config)# do sh run | include username
username foo secret 5 $1$jR5i$.HDBuKq.wIDOn2EYpCPYc0

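The same hash can be reproduced off the router with OpenSSL's MD5-crypt mode (-1), passing the salt that sits between the second and third $ of the stored hash (jR5i):
stretch@Sandbox$ openssl passwd -1 -salt jR5i MyP4ssw0rd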
$1$jR5i$.HDBuKq.wIDOn2EYpCPYc0
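
What `openssl passwd -1` computes here, as an added example that is not part of the original post: a Python implementation of MD5-crypt that pulls the salt out of a `secret 5` config line and checks whether a candidate secret reproduces the stored hash. The function names and the regular expression are assumptions of this example.

```python
import hashlib
import re

ITOA64 = "./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
# Hypothetical pattern for the hash portion of an IOS "secret 5" config line.
TYPE5_RE = re.compile(r"secret 5 (\$1\$([./0-9A-Za-z]{1,8})\$[./0-9A-Za-z]{22})")


def md5_crypt(password: str, salt: str) -> str:
    """MD5-crypt ($1$), the scheme behind `openssl passwd -1` and IOS type 5."""
    pw, s = password.encode(), salt.encode()[:8]
    alt = hashlib.md5(pw + s + pw).digest()
    ctx = hashlib.md5(pw + b"$1$" + s)
    n = len(pw)
    while n > 0:                      # mix in the alternate digest, 16 bytes per chunk
        ctx.update(alt[:min(n, 16)])
        n -= 16
    n = len(pw)
    while n:                          # one byte per bit of the password length
        ctx.update(b"\x00" if n & 1 else pw[:1])
        n >>= 1
    final = ctx.digest()
    for i in range(1000):             # fixed 1000-round stretching loop
        c = hashlib.md5(pw if i & 1 else final)
        if i % 3:
            c.update(s)
        if i % 7:
            c.update(pw)
        c.update(final if i & 1 else pw)
        final = c.digest()
    out = []
    for a, b, c3, width in ((0, 6, 12, 4), (1, 7, 13, 4), (2, 8, 14, 4),
                            (3, 9, 15, 4), (4, 10, 5, 4), (None, None, 11, 2)):
        v = final[c3] if a is None else (final[a] << 16) | (final[b] << 8) | final[c3]
        for _ in range(width):        # crypt-style base64, low 6 bits first
            out.append(ITOA64[v & 0x3F])
            v >>= 6
    return "$1$" + s.decode() + "$" + "".join(out)


def check_config_line(line: str, candidate: str) -> bool:
    """True if `candidate` produces the type 5 hash stored in `line`."""
    m = TYPE5_RE.search(line)
    if not m:
        raise ValueError("no type 5 secret on this line")
    return md5_crypt(candidate, m.group(2)) == m.group(1)


# Config line taken from the router output above.
LINE = "username foo secret 5 $1$jR5i$.HDBuKq.wIDOn2EYpCPYc0"
if __name__ == "__main__":
    print(check_config_line(LINE, "MyP4ssw0rd"))
```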
