350-401 · Question #66
What is the difference between the enable password and the enable secret password when password encryption is enable on an IOS device?
The correct answer is D. The enable secret password is protected via stronger cryptography mechanisms.. Enable Password vs. Enable Secret Password Encryption Option D is correct because the enable secret password uses MD5 hashing (Type 5) by default - and can use even stronger algorithms like SHA-256 (Type 8/9) - which is significantly more secure than the encryption applied to the
Question
What is the difference between the enable password and the enable secret password when password encryption is enable on an IOS device?
Options
- AThe enable password is encrypted with a stronger encryption method.
- BThere is no difference and both passwords are encrypted identically.
- CThe enable password cannot be decrypted.
- DThe enable secret password is protected via stronger cryptography mechanisms.
How the community answered
(21 responses)- A5% (1)
- C5% (1)
- D90% (19)
Explanation
Enable Password vs. Enable Secret Password Encryption
Option D is correct because the enable secret password uses MD5 hashing (Type 5) by default - and can use even stronger algorithms like SHA-256 (Type 8/9) - which is significantly more secure than the encryption applied to the enable password. Even when the service password-encryption command is enabled on an IOS device, the enable password is only protected by Cisco's weak, reversible Type 7 encryption, which can be easily cracked with freely available tools.
- Option A is wrong because it reverses the relationship - it is the enable secret, not the enable password, that uses the stronger encryption method.
- Option B is wrong because the two commands use fundamentally different encryption mechanisms (Type 7 vs. MD5/SHA), making them far from identical.
- Option C is wrong because the enable password can be decrypted due to its weak Type 7 encoding, whereas the enable secret's hash is designed to be one-way.
Memory Tip: Think of "secret" as meaning seriously encrypted - the word "secret" signals that Cisco intended this password to be the more secure option, which is why Cisco recommends always using
enable secretinstead ofenable password.
Topics
Community Discussion
No community discussion yet for this question.