The enable secret command uses MD5, a one-way hashing algorithm, to store passwords. The stored configuration passwords are encrypted when write terminal or show running-config commands are issued. Forgotten passwords cannot be recovered, however, if the enable secret option is used.

Despite the reliability of encryption, it can be broken provided adequate resources and ample time are available. Because of this, encryption should not be the only means of network security; it is only one of many pieces.