Michael Vincent
and 1 contributors


Cisco::SNMP::Password - Password Interface for Cisco Management


  use Cisco::SNMP::Password;


This module is deprecated. Please use Crypt::Cisco. This will be removed from future releases.

The following methods implement the type-7 password encryption / decryption. The algorithm is freely available on the Internet on several sites; thus, I can/will NOT take credit or ANY liability for its use.


new() - create a new Cisco::SNMP::Password object

  my $cm = Cisco::SNMP::Password->new();

Create a new Cisco::SNMP::Password object.

password_decrypt() - decrypt a Cisco type 7 password

  my $passwd = $cm->password_decrypt('00071A150754');

Where 00071A150754 is the encrypted Cisco password in this example.

password_encrypt() - encrypt a Cisco type 7 password

  my $passwd = $cm->password_encrypt('cleartext'[,# | *]);
  print "$_\n" for (@{$passwd});

Where cleartext is the clear text string to encrypt. The second optional argument is a number in the range of 0 - 52 inclusive or random text.

Returns a pointer to an array constructed based on the second argument to password_encrypt.

  Option  Description            Action
  ------  -----------            -------
          No argument provided   Return all 53 possible encryptions.
  #       Number 0-52 inclusive  Return password encrypted with # index.
  (other) Random text            Return a random password.

NOTE: Cisco routers by default only seem to use the first 16 indexes (0 - 15) to encrypt passwords. You notice this by looking at the first two characters of any type 7 encrypted password in a Cisco router configuration. However, testing on IOS 12.x and later shows that manually entering a password encrypted with a higher index (generated from this script) to a Cisco configuration will not only be allowed, but will function normally for authentication. This may be a form of "security through obscurity" given that some older Cisco password decrypters don't use the entire translation index and limit 'valid' passwords to those starting with the fist 16 indexes (0 - 15). Using passwords with an encryption index of 16 - 52 inclusive may render older Cisco password decrypters useless.

Additionally, the Cisco router command prompt seems to be limited to 254 characters, making the largest password 250 characters (254 - 4 characters for the pas (followed by space) command to enter the password).


The following are inherited methods. See Cisco::SNMP for more information.



None by default.


This distribution comes with several scripts (installed to the default bin install directory) that not only demonstrate example uses but also provide functional execution.




This software is released under the same terms as Perl itself. If you don't know what that means visit http://perl.com/.


Copyright (C) Michael Vincent 2015


All rights reserved