sfda_soc
asked on
Regarding Encryption Type In PIX and ASA
Dears,
i won't to know is hte type of encryption when i write this command is storng and cannot be broken easily or not ?
MyFW(Config)#username abcd password test
because after using this command :
MyFW(Config)#show running-config username
the output is :
username abcd password PSAvSeHRPqajh/Vi encrypted
so if someone knows PSAvSeHRPqajh/Vi can he figure the password ?
BR,
i won't to know is hte type of encryption when i write this command is storng and cannot be broken easily or not ?
MyFW(Config)#username abcd password test
because after using this command :
MyFW(Config)#show running-config username
the output is :
username abcd password PSAvSeHRPqajh/Vi encrypted
so if someone knows PSAvSeHRPqajh/Vi can he figure the password ?
BR,
Cisco used to offer a "tool" to de-crypt passwords so the short anwser is yes. However, they would need access to the firewall and both passwords.
ASKER
even so i would like to know what type of encryption is
because maybe my running-configuration file leaked and then anyone can take advantage of it....
because maybe my running-configuration file leaked and then anyone can take advantage of it....
The service password-encryption global configuration command uses a simple Vigenère cipher which is designed to protect your passwords from casual observers. It is not designed to withstand any seriuos hack attempt.
The enable secret command and the Enhanced Password Security feature use Message Digest 5 (MD5) for password hashing. This algorithm is very secure but can be subject to a dictionary attack.
Check out the "Password management" section of this Cisco article:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
The enable secret command and the Enhanced Password Security feature use Message Digest 5 (MD5) for password hashing. This algorithm is very secure but can be subject to a dictionary attack.
Check out the "Password management" section of this Cisco article:
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.