By using openssl, you can install type5 hashed passwords within Cisco IOS configuration files for most IOS-based routers. This allows you to deliver a configuration file for installation and trust that the password is hashed and secured.
An IOS configuration with the following lines in the cfg:
enable password socdude
enable secret socgal
would not be as secure as:
enable secret 5 $1$6XXp$YXBalUFqXfY0Ui4mn9lZx0
btw: When I review or pass cfg files around, I typically hash out enable passwords if they are present before sending the file back to the originator or to another colleague if he/she is reviewing the config file. This is good practice, or better yet, sanitize the configuration file of all confidential data (RADIUS/TACACS keys, SNMP community, username, etc.).
Now, with openssl we can easily replicate the same type5 hash that Cisco deploys.
The following screenshot shows this function with two crafted type5 hashes:
Here's me using the blue-highlighted hash that was generated by openssl in the above image:
And finally, don't forget that all usernames can be secured using a type5 hash. In this example, the user socpuppets has a type5 hash vs. the plain old password.
Okay, one might argue that you could just log in to any old Cisco router, generate the type5 password, and then copy it into the configuration file that you are sending.
Well yes, you could do exactly this, but if you have the need for automation script building and for generation of type5 hashes, don't overlook the capabilities that openssl has for generating type5 hashes.
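For the automation case above, here is a small shell script (an added example, not from the original post) that generates type5 hashes with `openssl passwd -1`, checks a password against an existing hash, and prints ready-to-paste IOS lines. It assumes `openssl` is on the PATH; the function names and sample passwords are constructed for illustration.

```sh
#!/bin/sh
# Added example: generate Cisco type 5 (MD5-crypt, "$1$...") hashes with
# openssl and emit IOS config lines. Function names are illustrative.

# new_salt: 4 random characters from the crypt alphabet [./0-9A-Za-z],
# the same salt length as the hash shown in the post.
new_salt() {
    openssl rand -base64 3 | tr '+' '.'
}

# type5_hash PASSWORD [SALT]: print $1$<salt>$<22-char digest>.
# The password is fed to openssl on stdin, so it never appears in
# openssl's argument list.
type5_hash() {
    salt=${2:-$(new_salt)}
    printf '%s\n' "$1" | openssl passwd -1 -salt "$salt" -stdin
}

# type5_verify PASSWORD HASH: succeed if PASSWORD produces HASH.
# Re-uses the salt embedded in HASH, which lets a reviewer confirm that
# a delivered config carries the agreed secret.
type5_verify() {
    salt=${2#\$1\$}      # drop the "$1$" prefix
    salt=${salt%%\$*}    # keep everything before the next "$"
    [ "$(type5_hash "$1" "$salt")" = "$2" ]
}

# ios_secret_lines ENABLE_PW USERNAME USER_PW: config lines to paste.
# The literal "5" tells IOS the string is already hashed.
ios_secret_lines() {
    printf 'enable secret 5 %s\n' "$(type5_hash "$1")"
    printf 'username %s secret 5 %s\n' "$2" "$(type5_hash "$3")"
}

# Demo with constructed passwords (not from the post).
ios_secret_lines 'Constructed-Enable-1' 'socpuppets' 'Constructed-User-1'
```

Each run produces different hashes because a fresh salt is drawn per secret; pass a salt explicitly to `type5_hash` only when a reproducible value is needed.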
Freelance Network / Security Engineer
kfelix ----a---t---socpuppets ---d---o---t---com
=( @ @ )=