Some IOS commands store passwords as clear text, but you can then encrypt the passwords with the service password-encryption global command. By comparison, other commands store a computed hash of the password instead of storing the password. Comparing the two options, which one answer is the most accurate about why one method is better than the other?
- Using hashes is preferred because encrypted IOS passwords can be easily decrypted.
- Using hashes is preferred because of the large CPU effort required for encryption.
- Using encryption is preferred because it provides stronger password protection.
- Using encryption is preferred because of the large CPU effort required for hashes.
Explanation: The service password-encryption command encrypts passwords on a router or switch that would otherwise be shown in clear text. While a great idea in concept, the algorithm can be easily broken using websites found in the Internet. Cisco long ago provided replacements for commands that store passwords as clear text, instead using hashes-commands like enable secret and username secret. These commands are preferred in part because they avoid the issues of clear-text passwords and easily decrypted passwords.
Please login or Register to submit your answer