It's no secret that the legacy "type 7" password hashes employed by older IOS devices are easily reversed. Wherever available, type 5 hashing is preferred as it generates a non-reversible MD5 hash. However, the one-way operation of MD5 isn't it's strongest benefit.
Recall that the generation of an MD5-type hash for a local user account is as simple as specifying secret instead of password:
Router(config)# username foo secret MyP4ssw0rd
Router(config)# do sh run include username
username foo secret 5 $1$jR5i$.HDBuKq.wIDOn2EYpCPYc0
stretch@Sandbox$ openssl passwd -1 -salt jR5i MyP4ssw0rd
$1$jR5i$.HDBuKq.wIDOn2EYpCPYc0
No comments:
Post a Comment