Changes existing AES-256 encrypted passwords and MD5 passwords to SHA-512 .
By default, passwords from previous releases have the encryption with which they were configured.
Privileged EXEC mode
Use this command to convert all existing passwords to make them more secure in SLX-OS 20.1.1 or later. Any clear-text (enc-level 0) passwords are retained in the configuration database and not converted to SHA-512.
This command is available only to administrative users.
If you downgrade to a release earlier than SLX-OS 20.1.1, all MD5 passwords that were converted to SHA-512 will not be available.
The following example shows the warning and the prompt before passwords are converted.
device# password-encryption convert-enc-to-level-10 %WARN: This operation will convert all existing user passwords to SHA-512 format. However, the enc level 0 (clear-text) passwords, if any, will be retained as is in the configuration database. These configurations will be lost if the system is downgraded to lower releases than SLX 20.1.1. Do you want to continue? [y/n]y All passwords are converted successfully.
The following example shows the warning when a configuration rollback is in progress.
device# password-encryption convert-enc-to-level-10 %WARN:This operation will convert all existing user passwords to SHA-512 format. However, the enc level 0 (clear-text) passwords, if any, will be retained as is in the configuration database. These configurations will be lost if the system is downgraded to lower releases than SLX 20.1.1. Do you want to continue? [Y/N]y %%ERROR: Password conversion is not allowed when configuration rollback session is in progress; Please try again later.