What is the difference between the enable password and the enable secret password when service password encryption is enable on an IOS device?

What is the difference between the enable password and the enable secret password when service password encryption is enable on an IOS device?
A . The enable password is encrypted with a stronger encryption method.
B . There is no difference and both passwords are encrypted identically.
C . The enable password cannot be decrypted.
D . The enable secret password is protected via stronger cryptography mechanisms.

View Answer

Answer: D

Explanation:

The “enable secret” password is always encrypted (independent of the “service password encryption” command) using MD5 hash algorithm. The “enable password” does not encrypt the password and can be view in clear text in the running-config. In order to encrypt the “enable password”, use the “service password-encryption” command. This command will encrypt the passwords by using the Vigenere encryption algorithm. Unfortunately, the Vigenere encryption method is cryptographically weak and trivial to reverse.

The MD5 hash is a stronger algorithm than Vigenere so answer ‘The enable secret password is protected via stronger cryptography mechanisms’ is correct.