CCNP 350-401 ENCOR Question 561 DISCUSSION
An engineer must configure the strongest password authentication to locally authenticate on a router. Which configuration must be used?
A. username netadmin secret 5 $1$b1JUSkZbBS1Pyh4OzwXyZ1kSZ2
B. username netadmin secret $15b1JuSk404850110QzwXyZ1k SZ2
C. line Console 0
   password $15b1Ju$
D. username netadmin secret 9 $9$vFpMfBelbRVV8SseX/bDAxtuV
Correct Answer: D
Use Type 6, Type 8 and Type 9 wherever possible.
Type 0, Type 5 and Type 7 should be migrated to other stronger methods.
Type 5
These use a salted MD5 hashing algorithm. These should only be used if Type 6, 8, or 9 is not available on the IOS version you are running. Attempting to use Type 5 in modern IOS XE will throw an error, as these will be deprecated soon. In the running config these start with $5$.
Type 9
These use the SCRYPT hashing algorithm defined in the informational RFC 7914. SCRYPT uses an 80-bit salt and 16384 iterations. It is very memory-expensive to run the algorithm and therefore difficult to crack. Running it once occasionally on a Cisco device is fine, though, and this is currently the Best Practice Type password to use. I have not proven it, but I believe it is possible that the popular tool HashCat is able to decrypt these.
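To apply the recommendation above (keep Type 6, 8 and 9; migrate Type 0, 5 and 7) to a saved configuration, the following added example, which is not part of the original discussion, lists every stored credential with its type and a verdict. The sample config and its hash strings are constructed placeholders, and treating a missing type digit as Type 0 is an assumption of this sketch.

```python
import re

# Classification from the recommendation above; types the page does not
# mention are reported as "unknown" rather than guessed.
PREFERRED = {6, 8, 9}
MIGRATE = {0, 5, 7}

# username <name> [privilege N] secret|password [type] <string>
# enable secret|password [type] <string>
# (indented, under a "line" section) password [type] <string>
CRED_RE = re.compile(
    r"^\s*(?:username\s+(?P<user>\S+)\s+(?:privilege\s+\d+\s+)?"
    r"|(?P<enable>enable)\s+)?"
    r"(?:secret|password)\s+(?:(?P<type>\d)\s+)?\S+",
    re.IGNORECASE,
)

# Constructed sample config; every hash string is a placeholder.
SAMPLE = """\
service password-encryption
enable secret 5 $1$SALT$constructedType5Placeholder
username netadmin secret 9 $9$SALT$constructedType9Placeholder
username ops privilege 15 password 7 0000CONSTRUCTED
username audit secret 8 $8$SALT$constructedType8Placeholder
line con 0
 password letmein
line vty 0 4
 login local
"""

def audit(config_text):
    """Return (line number, owner, type, verdict) for each stored credential."""
    findings, context = [], "global"
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        if raw and not raw[0].isspace():
            # Top-level command: remember it only if it opens a line section.
            context = raw.strip() if raw.lower().startswith("line ") else "global"
        m = CRED_RE.match(raw)
        if not m:
            continue
        named = m.group("user") or m.group("enable")
        if not named and context == "global":
            continue  # e.g. "password encryption aes" is a setting, not a credential
        # Assumption: no type digit means the string is held in clear text (Type 0).
        ptype = int(m.group("type")) if m.group("type") else 0
        verdict = "ok" if ptype in PREFERRED else "migrate" if ptype in MIGRATE else "unknown"
        owner = "user " + m.group("user") if m.group("user") else (named or context)
        findings.append((lineno, owner, ptype, verdict))
    return findings

if __name__ == "__main__":
    for lineno, owner, ptype, verdict in audit(SAMPLE):
        print(f"line {lineno}: {owner}: type {ptype} -> {verdict}")
```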