Using the Enhanced Password Security feature, you can configure MD5 encryption for username
passwords. Before the introduction of this feature there were two types of passwords associated with
usernames. Type 0 is a clear text password visible to any user who has access to privileged mode on the
router. Type 7 is a password with a weak, exclusive-or type encryption. Type 7 passwords can be
retrieved from the encrypted text by using publicly available tools.

MD5 encryption is a one-way hash function that makes reversal of an encrypted password impossible,
providing strong encryption protection. Using MD5 encryption, you cannot retrieve clear text
passwords. MD5 encrypted passwords cannot be used with protocols that require that the clear text
password be retrievable, such as Challenge Handshake Authentication Protocol (CHAP).

Use the username (secret) command to configure a user name and an associated MD5 encrypted secret.

Benefits

Enhanced Password Security provides a strong method of encryption for user passwords.

12.0(18)S

This feature was introduced.