Enable Secret Passwords

Passwords set with enable secret are hashed (that is, encrypted one-way) using the MD5 algorithm. As far as anyone at Cisco knows, it is impossible to recover an enable secret password from the contents of a configuration file, other than by an obvious dictionary attack, which would allow the password to be guessed if you used a word rather than a random string of different characters. Note that "impossible" here means that many people cannot gather the resources needed to crack MD5; as you know, no algorithm is uncrackable given sufficient time and resources.

This applies only to passwords that are set with enable secret, not to passwords set with enable password. Indeed, the strength of the encryption used is the only significant difference between the two commands. Whenever possible, use enable secret, which is far more secure and better protects your network devices.
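The recommendation above can be checked against a saved configuration file. The following is an added example, not part of the original article or Cisco's tooling: a small Python audit that flags enable password lines and notes the dictionary-word caveat for enable secret. The function name, the sample config and its placeholder strings are constructed for illustration; the type digits (5 for the MD5 hash, 7 or none for enable password) follow the usual IOS config layout and are not stated in the article.

```python
import re

# Matches: enable {secret|password} [level N] [type] value
ENABLE_RE = re.compile(
    r"^enable\s+(secret|password)(?:\s+level\s+\d+)?\s+(?:(\d+)\s+)?(\S+)\s*$"
)

# Constructed sample config excerpt; the hash and encoded strings are placeholders.
SAMPLE_CONFIG = """\
hostname lab-rtr1
enable secret 5 $1$XXXX$PLACEHOLDERHASHPLACEHOLDER
enable password 7 PLACEHOLDER
!
line vty 0 4
 login
"""


def audit_enable(config: str):
    """Return (line_no, severity, message) findings for enable credentials."""
    findings = []
    has_secret = False
    for no, line in enumerate(config.splitlines(), 1):
        m = ENABLE_RE.match(line.strip())
        if not m:
            continue
        # The stored value is deliberately never echoed into the findings.
        kind, enc_type, _value = m.groups()
        if kind == "secret":
            has_secret = True
            if enc_type == "5":
                findings.append((no, "info",
                    "enable secret stored as MD5 hash; resists recovery only "
                    "if the password is not a dictionary word"))
        else:
            stored = "plaintext" if enc_type in (None, "0") else f"type {enc_type}"
            findings.append((no, "high",
                f"enable password ({stored}) is weakly protected; "
                "replace with enable secret"))
    if not has_secret:
        # Line 0 marks a whole-config finding rather than a specific line.
        findings.append((0, "high", "no enable secret configured"))
    return findings


if __name__ == "__main__":
    for no, sev, msg in audit_enable(SAMPLE_CONFIG):
        print(f"line {no}: [{sev}] {msg}")
```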
