Link to home
Start Free TrialLog in
Avatar of sfda_soc
sfda_soc

asked on

Regarding Encryption Type In PIX and ASA

Dears,
i won't to know is hte type of  encryption when i write this command is storng and cannot be broken easily or not ?
MyFW(Config)#username abcd password test

because after using this command :
MyFW(Config)#show running-config username

the output is :
username abcd password PSAvSeHRPqajh/Vi encrypted


so if someone knows PSAvSeHRPqajh/Vi  can he figure the password ?

BR,

Avatar of 2PiFL
2PiFL
Flag of United States of America image

Cisco used to offer a "tool" to de-crypt passwords so the short anwser is yes.  However, they would need access to the firewall and both passwords.  
Avatar of sfda_soc
sfda_soc

ASKER

even so i would like to know what type of encryption is
because maybe my running-configuration file leaked and then anyone can take advantage of it....
The service password-encryption global configuration command uses a simple Vigenère cipher which is designed to protect your passwords from casual observers.  It is not designed to withstand any seriuos hack attempt.

The enable secret command and the Enhanced Password Security feature use Message Digest 5 (MD5) for password hashing.  This algorithm is very secure but can be subject to a dictionary attack.

Check out the "Password management" section of this Cisco article:
 http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080120f48.shtml
ASKER CERTIFIED SOLUTION
Avatar of Markus Braun
Markus Braun
Flag of Germany image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial