Cisco IOS service password-encryption

Question

In Cisco IOS there's the service password-encryption command to encrypt all passwords in the config file to prevent unauthorized individuals from viewing them.

quoting from http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfpass.html

Caution The service password-encryption command does not provide a high level of network security. If you use this command, you should also take additional network security measures.

then it's written:

Although you cannot recover a lost encrypted password (that is, you cannot get the original password back)

So what do they mean exactly? It does not protect very much because of weak encryption used or because it only protects users from viewing the password in the config file?

I'm confused because in the Networking Academy material they say

The service password-encryption command applies weak encryption to all unencrypted passwords.

So is it weak because it's easy to crack?

Answer 1

TL;DR Don't use Type 7 refrain from using Type 5 where possible and almost always try to use Type 8 (Unfortunately Type 8 in the world of Cisco isn't always available on all devices._¹)

---

As stated by the users here, there are "two" (I use speech marks here because there are actually more, some only feature on newer versions of code and certain products and I will talk about those later) but the two password types that are common are Type 7 and Type 5.

As you've been told Type 7 is very easily cracked, in-fact with a quick Google search you can find a decrypter online as an example here is one I've used in the past. The point is, it's easy to reverse, there is no security behind it whatsoever so please don't ever use it (unless you're just running labs).

What you've not been told is why it's insecure - Type 7 uses the Vigenère cipher this cipher is now considered to be completely broken in-short this cipher uses

A series of interwoven Caesar ciphers based on the letters of a keyword.

What this essentially means is you take multiple Ceaser ciphers in sequence however you change the shift value each time. So where in a Ceaser you simply use a shift of three in a Vigenère cipher you shift with different values each time. A good website to see how Vigenère ciphers work is Crypto Corner.

---

So what about Type 5 is that more secure? Yes, it's more secure, Is it good? Well for storing passwords, not really. Type 5 uses MD5. MD5 isn't at all good for storing password see Is MD5 considered insecure? (I suggest reading both CodesInChaos's answer and Thomas Pornins answer below it) both answers are great and will tell you why you shouldn't store passwords in MD5. In essence, MD5 is fast, you can hash billions of passwords per second. Ciscos implementation of MD5 uses a Salt however as mentioned here by Tom Leek, in reality, using Salt in MD5 doesn't make any difference because of speed. So should you use Type 5 it honestly depends on your threat-model but I would advise against it where possible. As I mentioned earlier there are actually other types.

In newer versions of Cisco's IOS, there are now Type 8 and Type 9 passwords. These are much more secure.

---

Type 8 uses PBKDF2-SHA-256. PBKDF2 is good due to the fact that's it is designed to be slow where MD5 isn't. Type 8 is incredibly slow which can be a problem especially on a router, switch, etc this is because they don't use powerful CPUs, whilst a company like Cisco doesn't disclose specifically what CPUs they use it would be logical to say they're not extremely powerful for example in reality what a switch is doing isn't that intensive so they're not going to be using very powerful hardware. This becomes obvious when you generate an RSA key with 4096 bits on a Cisco switch. In general it seems that PBKDF2 appears to be the standard for password storing as mentioned by Tom here it also appears to be the NIST recommended for storing passwords so if you have the option I would recommend Type 8 it's going to be infinitely more secure than Type 7 and significantly more secure than Type 5 so if you have the ability then use it. Again this is all subjective to your Threat Model. In general, though I would say if you're using this on a customers network (customer being a client perhaps you sell networking solutions too) then where possible try to use Type 8.

---

Finally you have Type 9 Scrypt whilst I cannot evaluate the security of this that well Scrypt appears to be in general "more secure than Bcrypt" the issue with it, is that it's a lot more recent so that obviously means it has had a lot less time to be looked at by crypto experts. However, put simply Scrypt will be a lot more secure than Type 7 and Type 5 because it is again designed to be slow, which means computation time is a lot longer thus you'd like to think "more secure". Again a good resource for Scrypt is here.

---

To sum up, should you use Type 7 or Type 5? The answer is no. You should certainly not be using Type 7, it's awful. In regards to Type 5 don't use it either. Storing passwords with MD5 is not secure at all.

In a production environment please refrain entirely from using Type 7 refrain from using Type 5 where necessary/possible and almost certainly try to implement Type 8 or Type 9 considering PBKDF2 is the recommended from NIST as per this I would edge towards using that over Type 9.

---

One final thing I would like to mention is this - obviously this is only for local credentials (I would hope) if you're going to be installing production networks please use a RADIUS server of some sorts, this is much more secure (especially if you have a NOC where multiple engineers work).

---

_{^{1 - I realise I failed to mention Type 4 but if you're going to implement that on a network you shouldn't be working in I.T and you need to upgrade your devices in order to enjoy that they will no-longer support Type 4}}

Answer 2

Service password-encryption will encrypt all the passwords in cisco router using type 7 encryption which is very weak and you could recover the password from the hash using many online tools in moment.but if you use for example Enable secret password for the enable password it will be hashed using MD5 which is much more stronger

Answer 3

Yes, it is weak/not secure because it is easy to crack. The original implementation of service password-encryption was to prevent the "over-the-shoulder" attack and for random people who might of had access to the config file but don't actually know what they are doing. Any attacker who knows what they are doing aren't going to be stopped by the password encryption service, that is why Cisco says to take additional network security measures as to prevent the attacker from getting to that point to begin with. Example: You can setup users on the Cisco device and specify which commands that user can actually execute which is better then having one "admin" user who can access everything. This can be accomplished using an AAA server and Tacacs+.

Also MD5, while stronger is considered weak as there are online tools they have databases with billions and billions of already hashed passwords. Length is your friend when creating a password. Example: an 8 character password, no matter how many fancy symbols and characters you use, can be cracked within minutes.

Answer 4

There are 2 type there:

password 7 - which is reversible

secret 5 - which is not

So for passwords, use/replace all with secret instead of password and you'll be fine.

Example:

no username tmp2 password 7 013656474776742

username tmp2 privilege 15 secret YourNewPassword