What is a good preshared key length

Unanswered Question
Oct 3rd, 2007

Hi, I have a pre-shared key of 8 characters, it includes numbers, letters, capital letters, and symbols, is this ok? Or a million dollar question :)

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
paul.matthews Wed, 10/03/2007 - 11:50

All depends what you are trying to protect and where. If relatively minor info, across an already private network it will be fine. If the info is troop movements, and it is to be carried across the internet, it may be a little weak!

If the key is something like G66d-day (simply put numlock on a notebook) it is comparatively weak.

The longet, and more varied the more secure, and shorter key life improves security too.

Richard Burts Wed, 10/03/2007 - 11:58


With numbers, letters, capital letters, and symbols it sounds like a pretty strong key. I would think that a length of 8 characters is good enough. What function will this key be used for?



whiteford Wed, 10/03/2007 - 12:51

Its for a site to site VPN between an 877 and a Cisco concentrator

paul.matthews Wed, 10/03/2007 - 23:21

And what is the sensitivity of the data? where is the transit network (internet)? These are more important thanthe hardware TBH.

Paolo Bevilacqua Wed, 10/03/2007 - 12:41

Consider good old DES 40 bit ciphering. You can't break it by brute force (no other type of attack is known to work) unless you have significant computing power (much more that one today's CPU).

Now consider that switching to the "even stronger" AES of 256 bits, makes no difference in performance, with hw acceleration on the router.

And all the options in between the above. Practical difference in using one or another: none.

[edit] - I realize that the above is not really about the string representation of a pre-shared key. On the other hand, the first is just producing the second, and it's lenght is what matter most.

whiteford Wed, 10/03/2007 - 13:04

How would I configure that on a Cisco 877 and at the Cisco concentrator end?


This Discussion