CISCO IOS Enable secret and password?

Posted on 2006-11-29
Medium Priority
Last Modified: 2012-08-13
What is the different between those 2?
enable password and enable secret?

I often see that enable password 7 <password>
what is the number stand for? Based on my research 7 is a weak encryption algorithim? why they don't use the strongest one?
say enable password 5 <passsword>

Question by:kecoak
LVL 28

Accepted Solution

mikebernhardt earned 2000 total points
ID: 18042072
Enable secret uses "5". You are correct in what those numbers mean in terms of the encryption level. Regular enable password is a reversible encryption, enable secret is not reversible. There are plenty of utilities out there to decrypt the former for you. this isn't always a bad thing- If you break into a router and need to get the password without changing it, it's helpful. But for best security, always use enable secret.

Expert Comment

ID: 18042187
Might want "service password encryption" too

LVL 28

Expert Comment

ID: 18042307
That is what activates that reversible encryption. Without it, everything but enable secret will be in clear text.
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.


Author Comment

ID: 18042314
Is that possible to have enable password 5 <password>?
I don't understand whether "5" is always combine with "secret" ? or can it be combine with any other number? any references for this?
LVL 28

Expert Comment

ID: 18042357
No, it isn't. IOS puts it in there as a reference when it reads the password so it knows how to interpret it.
LVL 32

Expert Comment

ID: 18045201
Mike has it all, So just to add;

7 means MD7 and 5 means MD5

There are so many sites/programs out there which will decrypt an MD7 password in seconds.


Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
During and after that shift to cloud, one area that still poses a struggle for many organizations is what to do with their department file shares.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

624 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question