Password Recovery

[colthirtytwo]

Is there a utility to decrypt a masked password in a cisco config file? I just got a cisco 3600. I used the password recovery to make my own, but out of curiosity I want to see what the old password was.

Thanks in advance

 

[benzito]

It depends on whether the password was set as "enable password" or "enable secret". Enable password uses a weak algorithm and there are applets out there that can decipher enable passwords easily. Enable secrets, on the other hand, are set as a hash (a key that represents the original data) using MD5 which uses 128-bit encrpytion to mask the password. I'm not aware of any utilities that can compromise a password set with enable secret...not saying they don't exist.

To find a weak password cracker, just google for "cisco weak password decrpytion" to locate a utility.

At the very least you should set your passwords using enable secret. An even better, more secure password policy would be to use AAA - authenticating users against a secure database.

For more about cisco password schemes and recommendations:

http://www.cisco.com/warp/public/701/64.html

MD5:

http://www.faqs.org/rfcs/rfc1321.html

 

[colthirtytwo]

Thanks for the fast reply. It worked. I've already reconfigured the router, but I just wanted to know what the old password was. Now I know.
Thanks again.

 

[robyone64]

Hi, there is another tool in the solarwinds software,

http://www.solarwinds.net,

you can download engineering edition evaluation, for cisco there are more nice tools (also the password decrypter).
Bye