350-401 · Question #75
Which method does the enable secret password option use to encrypt device passwords?
The correct answer is D. MD5. MD5 (Message Digest 5) is the hashing algorithm used by Cisco's enable secret command to encrypt passwords stored in the device configuration. Unlike the weaker enable password command (which uses Type 7 reversible encoding), enable secret applies a one-way MD5 hash, making it si
Question
Which method does the enable secret password option use to encrypt device passwords?
Options
- AAES
- BCHAP
- CPAP
- DMD5
How the community answered
(14 responses)- C7% (1)
- D93% (13)
Explanation
MD5 (Message Digest 5) is the hashing algorithm used by Cisco's enable secret command to encrypt passwords stored in the device configuration. Unlike the weaker enable password command (which uses Type 7 reversible encoding), enable secret applies a one-way MD5 hash, making it significantly more secure.
Why the distractors are wrong:
- A (AES): AES is a symmetric encryption algorithm used in protocols like WPA2 and IPsec, not in the
enable secretcommand. - B (CHAP): CHAP (Challenge Handshake Authentication Protocol) is a PPP authentication protocol used for dial-up/WAN connections, not password storage encryption.
- C (PAP): PAP (Password Authentication Protocol) is another PPP authentication method that actually sends credentials in plaintext, making it the least secure option of the bunch.
Memory Tip: Think "Secret = MD5" - both words have a "hidden/one-way" theme. You can also remember that enable secret produces a hash string beginning with $1$ in Cisco configs, which is the standard indicator for MD5 hashing. If you see a 32-character hex-like string in the config, that's your MD5 fingerprint!
Topics
Community Discussion
No community discussion yet for this question.