Is PSK just as secure as RSA key?

jonnytabpni

Hi Everyone,

Given the fact that I'm using "DH Key Group 2" in my IPSEC VPN settings, is using a PSK just as secure as using a CA cert and private key?

Thanks

jimp

The certificate method gives a bit more solid identity confirmation. Speaking theoretically and oversimplified, someone could just steal or brute force the PSK and hijack the IPs to get into the tunnel, but assuming the certificates where distributed securely, they're a bit harder to get ahold of.

kpa

Assuming your PSK is long enough (see below) and not breakable trough a dictionary attack and you are sure that the PSK can not leak by any means it is unbreakable.

http://www.codinghorror.com/blog/2006/07/brute-force-key-attacks-are-for-dummies.html

jimp

Just keep this far more likely scenario in mind, and remember that your encryption is not the weakest link :-)

http://xkcd.com/538/

jonnytabpni

Thanks for the replies.

I'm guessing that the PSK is used for authentication only?

So, for example, once identity has been verified, the VPN 'security' would be identical if I was using RSA keys?

Thanks