removing enable secret password - cisco
john heasley
heas at shrubbery.net
Thu Oct 25 17:57:42 UTC 2001
Thu, Oct 25, 2001 at 09:48:06AM -0700, Rizzo, Joe:
> I hope this is not a stupid question...
>
> I like how Rancid removes the encrypted passwords from the config, however
> if "enable secret" is used, the encrypted password is not removed.
>
> For a quick fix I modified line 880 of rancid(2.2b5).
> from: /^(enable )?(password|passwd) / &&
> to: /^(enable )?(password|passwd|secret) / &&
>
> Am I overlooking a reason that the "enable secret" password should not be
> removed from the configs?
it is not a reversible format, hence we did not see the need to remove it.
a brute force method can be applied (there was one done in ~97 w/ N machines
that took months).
> If not can the enable secret password be removed in future versions of
> rancid?
an option could be provided. say PASSWORDS=(YES | PARANOID)
filtering just reversible or all. if folks want or think that would be useful.
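
The two filtering levels discussed in this thread, sketched in Perl as an added example (not RANCID's code and not part of either message). The `YES` pattern is the one quoted from line 880 and `PARANOID` is the poster's modified pattern; the mode names as a working setting, `scrub_line`, the `!... <removed>` marker and the sample config are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical mode names from the PASSWORDS=(YES | PARANOID) idea in the
# reply above; not an existing RANCID setting.
my %PATTERN = (
    # Pattern quoted from line 880 of rancid 2.2b5 (capture regrouped).
    YES      => qr/^((?:enable )?(?:password|passwd)) /,
    # The poster's modified pattern: also matches "enable secret".
    PARANOID => qr/^((?:enable )?(?:password|passwd|secret)) /,
);

# Replace the credential on a matching line with a marker and return every
# other line unchanged. An unknown mode is fatal, so a typo in the setting
# cannot silently disable filtering.
sub scrub_line {
    my ($line, $mode) = @_;
    my $re = $PATTERN{$mode} or die "unknown PASSWORDS mode: $mode\n";
    (my $out = $line) =~ s/${re}.*/!$1 <removed>/;
    return $out;
}

# Constructed sample config; the credential strings are made up.
my @config = split /^/, <<'END';
hostname edge1
service password-encryption
enable secret 5 $1$EXMP$constructedHashValue
enable password 7 CONSTRUCTED7VALUE
END

for my $mode (qw(YES PARANOID)) {
    print "--- PASSWORDS=$mode\n";
    print scrub_line($_, $mode) for @config;
}
```

With `YES` the `enable secret` line is stored as-is and only the `enable password` line is replaced; with `PARANOID` both are replaced, while `service password-encryption` is untouched in either mode because the patterns are anchored at the start of the line.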