Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Secure character length for a pre-shared key

Hey folks,

We're implementing a router-to-router IPSEC VPN using pre-shared keys. How many characters would you use in order to fell as though you have a "strong" pre-shared key?

Also, while testing this in the lab, I noticed that although I have "service password-encryption" enabled, the pre-shared keys show up in plaintext next to my "crypto isakmp key" commands. Any way to hide it?

Thanks,

SM

2 REPLIES

Re: Secure character length for a pre-shared key

I like to use a minimum of 12 char. mixing it up between upper case, lower case, numeric, and symbols. Just my rule of thumb.

No way to hide the key, sorry. Just use some crazy, long key that makes no sense. Heck, but the word ENCRYPTED before or after it as well and you'll really confuse someone!!! :)

-brad

www.ccbootcamp.com

(please rate the post if this helps!)

Re: Secure character length for a pre-shared key

Mostly the key length is kept a minimum of 8 characters alpha-numeric

Brad, you can now hide the key with the AES encryption.

http://www.cisco.com/en/US/products/ps6350/products_configuration_guide_chapter09186a0080455ad9.html#wp1072242

HTH

Narayan

194
Views
13
Helpful
2
Replies
CreatePlease login to create content