Say No to Cisco passwords

Folks from the networking Industry might be well aware of the limitations of Cisco Passwords generally called Type 7 passwords. What “service password encryption” (command to make clear text password into type 7 password) does is garble the password so that people who glance over your shoulder will not be able to make out the password. These passwords are also vulnerable if you store your configurations at a not so secure location or if you share your configuration with others for troubleshooting. The reason why many people are deceived by it is possibly because it says service password “encryption”. Anyone in IT knows that you encrypt data so that it is close to impossible to decrypt it except by the one for whom the data is meant. The other reason why people still use it is because they don’t care much about security and assume that nobody is malicious. Your equipments have passwords of every Admin which can easily be compromised but nobody cares.  There are softwares which decode these password.  There are even several websites which decrypt such passwords. The worst part of the tale is that you can use the Router itself to decrypt it.

I will show you the commands by which you can decrypt it. First, we will make a username and password on the router and enable service pass word encryption.

CiscoRouter(config)#username cisco password cisco

CiscoRouter(config)#service password-encryption

We can see that the service password encryption has worked by the show run

CiscoRouter#sh run | i username

username cisco password 7 030752180500

Now we will start the decryption procedure for this password. We start by making a Key Chain of name DECRYPT (you can use any name) with the type 7 password as the key.

CiscoRouter(config)#key chain DECRYPT

CiscoRouter(config-keychain)#key 1

CiscoRouter(config-keychain-key)#key-string 7 030752180500

Now it just requires a show command to reveal the password.

CiscoRouter#sh key chain DECRYPT

Key-chain DECRYPT:

key 1 — text “cisco”

accept lifetime (always valid) – (always valid) [valid now]

send lifetime (always valid) – (always valid) [valid now]


This blog will be incomplete if I were to not give a work around for this. Almost all service on a Cisco router can be protected by an MD5 hash. These include your enable password, user passwords, OSPF, NTP, ppp, bgp, etc. A hash is a one way encryption which is impossible to decrypt. The only way to break it is by brute force using rainbow table or dictionary. Using a normal processor, the hash can be broken in more than 200 years and I don’t think anyone would want to wait that much.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s