What is the reason that Cisco still supports the use of both enable secret and enable passwords in a router’s configuration?

The enable secret password appears as an MD5 hash in a router’s configuration file, whereas the enable password is not hashed (or encrypted, if the password-encryption service is not enabled). What is the reason that Cisco still supports the use of both enable secret and enable passwords in a router’s configuration?

A.
The enable password is used for IKE Phase I, whereas the enable secret password is used for IKE Phase II.

B.
The enable password is considered to be a router’s public key, whereas the enable secret password is considered to be a router’s private key.

C.
Because the enable secret password is a hash, it cannot be decrypted. Therefore, the enable password is used to match the password that was entered, and the enable secret is used to verify that the enable password has not been modified since the hash was generated.

D.
The enable password is present for backward compatibility.

Explanation/Reference:
The enable password is not encrypted (or hashed) by default. Therefore, the enable password is considered weaker than the enable secret password. However, Cisco IOS still supports the enable password for backward compatibility. For example, if the IOS version on a router were rolled back to a version that supported the enable password but not the enable secret password, the enable password would offer some level of security.

The enable secret password is used to permit access to a router’s privileged mode. The password is stored in the router’s configuration as an MD5 hash value, making it difficult for an attacker to guess and impossible to read with the naked eye.


