Cisco Type 7 Password Decoder

Type 7 passwords as used by Cisco IOS are not properly encrypted – this is because there are many situations where the router itself needs to know the original password, such as when authenticating using CHAP or WEP. They are hidden to stop someone just peering over your shoulder at a router configuration and seeing passwords, but you can convert back to the unencrypted form if you need to. The code is Javascript, so this doesn’t send the password over the internet. (Of course, if you’re paranoid you should not take my word for it and should inspect the page itself, or run it offline) For some time prior to July 2010 there was a bug in the script that incorrectly calclated the result, but this has now been fixed.

In general, if you don’t need the router to know the password and only let people log in locally using it via telnet or ideally ssh you can use secret instead, i.e. “username fred secret bloggs” and “enable secret ILikeCheese”.

The original Perl code for this is available here.

Hidden password: (The bit after the 7 e.g. username fred password 7 1234567812345678) Plain Text Result: Hex result: (For WEP keys)

2 comments

  1. Hello,
    I send you this mail because i need to find how encrypt a password to cisco password 7 type, because i want make automatic script on my aeronet.

  2. Hello,
    I send you this mail because i need to find how encrypt a password to cisco password 7 type, because i want make automatic script on my aeronet.

    Thx You

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.