Password Obfuscation in CLI Script and ini Files

You can enhance security by obfuscating passwords in the downloaded ini and CLI Script files. Passwords are encrypted with the AES-256 algorithm in CFB cipher mode, using a 16-bit random initialization vector (IV) and an encryption key. This method offers robust protection of sensitive data.

Obscured passwords are displayed in the following syntax:

ini File:

Syntax: $2$<obfuscated password>

Example:

WSTunPassword = $2$8EGYm+FG+JJT/p8ZOytU64uplPMKcw==

CLI Script File:

Syntax: <obscured password>== encrypted

Example:

 password B55osyLT1t7+oorwkaNB3bxEX4Bl8g== encrypted
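
The following Python audit is an added example, not part of the original documentation: it scans a downloaded ini or CLI Script file and reports which password lines use the obfuscated syntax shown above. It assumes that ini password parameters have "Password" in their name; the status labels and the two non-obfuscated sample lines are constructed for illustration.

```python
import base64
import re

# Assumption: ini password parameters are "Name = value" lines whose name
# contains "Password" (as WSTunPassword does on this page).
INI_RE = re.compile(r"^\s*(\w*Password\w*)\s*=\s*(\S+)\s*$", re.IGNORECASE)
# CLI Script lines: "password <value>" with an optional trailing "encrypted".
CLI_RE = re.compile(r"^\s*password\s+(\S+)(?:\s+(encrypted))?\s*$")


def is_base64(value):
    """True if value is strictly valid, non-empty base64."""
    try:
        return bool(value) and len(base64.b64decode(value, validate=True)) > 0
    except ValueError:  # binascii.Error is a subclass of ValueError
        return False


def classify(line):
    """Return (field, status) for a password line, or None for other lines."""
    m = INI_RE.match(line)
    if m:
        name, value = m.groups()
        if value.startswith("$2$"):  # ini syntax: $2$<obfuscated password>
            return name, "obfuscated" if is_base64(value[3:]) else "malformed"
        return name, "not-obfuscated"  # value is not in the $2$ syntax
    m = CLI_RE.match(line)
    if m:
        value, keyword = m.groups()
        if keyword:  # CLI syntax: <obscured password> encrypted
            return "password", "obfuscated" if is_base64(value) else "malformed"
        return "password", "not-obfuscated"
    return None


def audit(text):
    """Return [(line_no, field, status)] for every password line in text."""
    lines = enumerate(text.splitlines(), 1)
    return [(no, *hit) for no, line in lines if (hit := classify(line))]


# Sample input: lines 1 and 3 are the page's examples, 2 and 4 are constructed.
SAMPLE = """WSTunPassword = $2$8EGYm+FG+JJT/p8ZOytU64uplPMKcw==
ExamplePassword = Summer2024
 password B55osyLT1t7+oorwkaNB3bxEX4Bl8g== encrypted
 password hunter2
"""
```

Any line reported as not-obfuscated or malformed is worth reviewing before the file is stored or shared.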

To configure an encryption key for password obfuscation, see Configuring Password Obfuscation. To disable password obfuscation (by clearing the encryption key), see Disabling Password Obfuscation.

If you need to downgrade the device to an earlier version that doesn't support password obfuscation, you must clear the encryption key (see Disabling Password Obfuscation).
The encryption key remains unaffected even when the device is restored to factory defaults.
If you configure password obfuscation by encryption key as described in this section, the device automatically disables the CLI password obscured feature (see Enabling or Disabling Password Obscured for CLI).