When using pre-shared key authentication for site-to-site VPNs, is it best to use very random keys? Also, if the key is longer will it be harder to break? Is there a threshold at which keys being too long increases latency of IPsec traffic? (e.g. 40 characters or longer?) What is the optimum length for a key without sacrificing speed or security?
Random keys which are combinations of alphanumeric characters in lower and upper case are considered to be stronger and secure. Totally random keys, however, have an inherent problem of being difficult to remember. Also, generally speaking, the longer the key, the more secure it is. However, the maximum allowed preshare key length on a Cisco router is 128 bytes. The IPsec peers use preshared keys as one of the methods to authenticate each other during IKE phase 1 negotiations. This does not happen too often. Thus, it is my guess that long preshare key length will not affect the performance too much.
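To put numbers on the length question, the following added example (not part of the original reply, and not Cisco code) computes how many uniformly random mixed-case alphanumeric characters are needed for a given entropy target and generates such a key with a CSPRNG, refusing anything over the 128-byte limit quoted above. The function names and the 128-bit default target are assumptions made for the illustration.

```python
import math
import secrets
import string

# Alphabet described in the reply: upper case, lower case and digits (62 symbols).
ALPHABET = string.ascii_letters + string.digits
# Maximum pre-shared key length on a Cisco router, as quoted in the reply.
MAX_PSK_BYTES = 128


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a key whose characters are each drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def min_length_for(target_bits, alphabet_size=len(ALPHABET)):
    """Shortest uniformly random key with at least target_bits of entropy."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_psk(target_bits=128, alphabet=ALPHABET):
    """Generate a random PSK sized for target_bits (assumed default: 128)."""
    length = min_length_for(target_bits, len(alphabet))
    # ASCII alphabet, so one character is one byte on the device.
    if length > MAX_PSK_BYTES:
        raise ValueError(
            f"{target_bits} bits needs {length} characters, "
            f"over the {MAX_PSK_BYTES}-byte limit"
        )
    # secrets uses the operating system CSPRNG; random.choice would not.
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for bits in (80, 128, 256):
        n = min_length_for(bits)
        print(f"{bits:>3}-bit target: {n} characters "
              f"({entropy_bits(n):.1f} bits)")
    print(f"{MAX_PSK_BYTES} characters: {entropy_bits(MAX_PSK_BYTES):.0f} bits")
    print("sample key:", generate_psk())
```

These figures apply only to keys produced by a random generator; a memorable phrase of the same length carries far less entropy than the formula gives.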