Enable Secret vs Enable Password 1

[redwolf52]

Anyone know the difference? i know that enable secret overides enable password but why would you need to set password if you already have secret or even have a secret at all?

 

[tcvander]

The enable password isn't secured in the config. And even with the "enable password encrypt" command it can still be broken.

Whereas the "enable secret" password is encrypted and can not be broken.

See:

http://www.cisco.com/warp/public/701/64.html

Todd VanDerwerken, CCNA, CCDA
Technical Consultant

http://www.ciscolinks.net

"If at first you don't succeed...then sky diving isn't for you!"

 

[wybnormal]

Correction.. the *secret* password can be broken using tools like "john the ripper". All it is a hashed key and *john* can break it.

http://www.openwall.com/john/

It's harder then the type 7 password but not impossible to break.

For more amusing reading:

http://is-it-true.org/pt/ptips12.shtml

MikeS
Find me at

http://www.packetattack.com

"Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots."
Sun Tzu

 

[techie147]

The enable password is there for backword compatibility and is not usually needed. The enable secret is encrypted but the password can still be broken using readily available tools on the internet. Use "no enable password" to remove it and use service password-encryption to encrypt your line and con passwords.