Re: user <user> secret <password> and CHAP doubt posted 07/24/2005
Turn on " Service password-encryption "
What this actually does . Is it will encrypt it so that any one who have
access to running configuration will not be able to make out .
This will work with PPP perfectly fine .
Thanks and Regards
----- Original Message -----
From: "Gustavo Novais" <gustavo.novais@xxxxxxxxxxx>
To: "lab" <ccielab@xxxxxxxxxxxxxx>
Sent: Sunday, July 24, 2005 10:01 PM
Subject: user <user> secret <password> and CHAP doubt
> I'm doing a lab on which the requirement is that we use CHAP
> authentication, but on one of the involved routers the username for the
> remote must be stored as such you shouldn't be able to decode the
> password from the config.
> This points me to user XXX secret pass, which encrypts the pass with
> The thing is, as stated on
> CHAP doesn't "like" that we store the passwords as MD5, It needs them to
> be on plain text so he can derive its own md5 challenge.
> I can turn around the issue by simply not authenticating the remote
> side, thus no need of local username, and then it can be whatever I
> want. But I think this ugly...
> this appeared on IPexpert challenge 26, ISDN question.
> Any thoughts?
> PS. I can also see what is the hash of the password and use the hash
> instead of the password, and store it as plain text, but this would be
> even uglier...
> Subscription information may be found at: