removing enable secret password - cisco

john heasley heas at
Thu Oct 25 17:57:42 UTC 2001

Thu, Oct 25, 2001 at 09:48:06AM -0700, Rizzo, Joe:
> I hope this is not a stupid question...
> I like how Rancid removes the encrypted passwords from the config, however
> if "enable secret" is used, the encrypted password is not removed.
> For a quick fix I modified line 880 of rancid(2.2b5). 
> from: /^(enable )?(password|passwd) / &&
> to: /^(enable )?(password|passwd|secret) / &&
> Am I overlooking a reason that the "enable secret" password should not be
> removed from the configs?

it is not a reversable format, hence we did not see the need to remove it.
a brute force method can be applied (there was one done in ~97 w/ N machines
that took months).

> If not can the enable secret password be removed in future versions of
> rancid?

an option could be provided.  say PASSWORDS=(YES | PARANOID)
filtering just reversable or all.  if folks want or think that would be useful.

More information about the Rancid-discuss mailing list