Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

What is a good preshared key length

Hi, I have a pre-shared key of 8 characters, it includes numbers, letters, capital letters, and symbols, is this ok? Or a million dollar question :)

7 REPLIES

Re: What is a good preshared key length

All depends what you are trying to protect and where. If relatively minor info, across an already private network it will be fine. If the info is troop movements, and it is to be carried across the internet, it may be a little weak!

If the key is something like G66d-day (simply put numlock on a notebook) it is comparatively weak.

The longet, and more varied the more secure, and shorter key life improves security too.

Hall of Fame Super Gold

Re: What is a good preshared key length

Andy

With numbers, letters, capital letters, and symbols it sounds like a pretty strong key. I would think that a length of 8 characters is good enough. What function will this key be used for?

HTH

Rick

Community Member

Re: What is a good preshared key length

Its for a site to site VPN between an 877 and a Cisco concentrator

Re: What is a good preshared key length

And what is the sensitivity of the data? where is the transit network (internet)? These are more important thanthe hardware TBH.

Hall of Fame Super Gold

Re: What is a good preshared key length

Consider good old DES 40 bit ciphering. You can't break it by brute force (no other type of attack is known to work) unless you have significant computing power (much more that one today's CPU).

Now consider that switching to the "even stronger" AES of 256 bits, makes no difference in performance, with hw acceleration on the router.

And all the options in between the above. Practical difference in using one or another: none.

[edit] - I realize that the above is not really about the string representation of a pre-shared key. On the other hand, the first is just producing the second, and it's lenght is what matter most.

Community Member

Re: What is a good preshared key length

How would I configure that on a Cisco 877 and at the Cisco concentrator end?

Hall of Fame Super Gold

Re: What is a good preshared key length

Pick the example that better matches your case from here:

http://cisco.com/en/US/tech/tk583/tk372/tech_configuration_examples_list.html

1009
Views
0
Helpful
7
Replies
CreatePlease to create content