New Member

Pre-shared key authentication

When using pre-shared key authentication for site-to-site VPNs, is it best to use very random keys? Also, if the key is longer will it be harder to break? Is there a threshold at which keys being too long increases latency of IPsec traffic? (e.g. 40 characters or longer?) What is the optimum length for a key without sacrificing speed or security?

Thanks,

RJ

1 REPLY
Silver

Re: Pre-shared key authentication

Random keys which are combinations of alphanumeric characters in lower and upper case are considered to be stronger and more secure. Totally random keys, however, have an inherent problem of being difficult to remember. Also, generally speaking, the longer the key, the more secure it is. However, the maximum allowed preshared key length on a Cisco router is 128 bytes. The IPsec peers use preshared keys as one of the methods to authenticate each other during IKE phase 1 negotiations. This does not happen too often. Thus, it is my guess that a long preshared key length will not affect the performance too much.
