Passwords
Identification is mainly based on a aggregate of the username and the password. A countersign is a adequate cord of characters
that is acclimated to accredit a user. There are three types of countersign aegis schemes in Cisco IOS.
Clear-text passwords: These are the best afraid because they accept no encryption. Passwords are arresting in the
device agreement in bright text.
Type 7 passwords: These use the Cisco proprietary encryption algorithm and are accepted to be weak. Several password
utilities are accessible to analyze Type 7 encrypted passwords. Type 7 encryption is acclimated by the accredit countersign ,
username , and band countersign commands.
Type 5 passwords: These use MD5 hashing algorithm (one-way hash) and are accordingly abundant stronger because they advised irreversible. The alone way to able the Type 5 countersign is by application animal force or concordance attacks. It is highly
recommended that you use Type 5 encryption instead of Type 7 area possible. Type 5 encryption is acclimated by the enable
secret command to specify an added band of aegis over the accredit countersign command. The accredit secret
command takes alternative over the accredit countersign command. The username abstruse command additionally uses Type 5
encryption.
Tip
The afterward URL is an basis of countersign accretion procedures for best Cisco products:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00801746e6.shtml