Pre-shared key authentication

rj.remien
Level 1

When using pre-shared key authentication for site-to-site VPNs, is it best to use very random keys? Also, if the key is longer, will it be harder to break? Is there a threshold at which keys being too long increases latency of IPsec traffic (e.g. 40 characters or longer)? What is the optimum length for a key without sacrificing speed or security?

Thanks,

RJ

1 Reply

a-vazquez
Level 6

Random keys that are combinations of alphanumeric characters in lower and upper case are considered to be stronger and more secure. Totally random keys, however, have the inherent problem of being difficult to remember. Also, generally speaking, the longer the key, the more secure it is. However, the maximum allowed preshared key length on a Cisco router is 128 bytes. The IPsec peers use preshared keys as one of the methods to authenticate each other during IKE phase 1 negotiations. This does not happen too often. Thus, it is my guess that a long preshared key will not affect performance too much.
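
To put numbers on the length question, the following is an added example (not code from either poster or from Cisco) that generates a key from the mixed-case alphanumeric alphabet described in the reply and computes how many characters a given entropy target needs. The function names and the 128-bit default target are assumptions; the 128-byte cap is the limit quoted in the reply.

```python
import math
import secrets
import string

# Alphabet described in the reply: digits plus lower- and upper-case letters (62 symbols).
# All symbols are ASCII, so one character is one byte of key length.
ALPHABET = string.ascii_letters + string.digits
MAX_PSK_BYTES = 128  # maximum preshared key length quoted in the reply


def entropy_bits(length, alphabet=ALPHABET):
    """Entropy of a key whose characters are drawn uniformly and independently.

    This does not apply to memorable phrases, which carry far less entropy per character.
    """
    return length * math.log2(len(alphabet))


def min_length_for(target_bits, alphabet=ALPHABET):
    """Shortest uniformly random key that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(len(alphabet)))


def generate_psk(target_bits=128, alphabet=ALPHABET):
    """Generate a random pre-shared key with at least target_bits of entropy."""
    length = min_length_for(target_bits, alphabet)
    if length > MAX_PSK_BYTES:
        raise ValueError(
            f"{target_bits} bits needs {length} characters, "
            f"over the {MAX_PSK_BYTES}-byte limit"
        )
    # secrets draws from the OS CSPRNG; the random module is not suitable for keys.
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for bits in (80, 128, 256):
        print(f"{bits} bits -> {min_length_for(bits)} characters")
    print(f"40-character key: {round(entropy_bits(40))} bits")
    print(f"sample key (constructed at run time): {generate_psk(128)}")
```

Under these assumptions, 22 random characters already reach 128 bits, and the 40-character key from the question carries about 238 bits.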
