> > Am I looking at an out of date or fukt configuration, or are ROOT PASSWORDS > > really stored in the CLEAR in configuration files?! > > > > C'mon, guys, cisco fixed that one at least five years ago. > > They did except you can decrypt the passwords in about 1/1000th of a second ; The original cisco password "encryption" should never have been given that name. It is not encryption and engineering never intended it to serve that purpose. It's purpose was merely to stop casual observers from grabing passwords by looking over your shoulders. It's arguable if that ever should have been done, but that is what was done. The problem is that many passwords on a cisco router need to be reversible in order to support protocols like ARAP and PPP's CHAP. Reversible encryption is a difficult problem when you have no secure storage. Current cisco products support a true one-way encryption scheme for enable passwords (our equivalent of a ROOT password). It is quite robust. Look for "enable secret" in your cisco config. Dave