    Netgate Discussion Forum

    Is PSK just as secure as RSA key?

      jonnytabpni last edited by

      Hi Everyone,

      Given the fact that I'm using "DH Key Group 2" in my IPSEC VPN settings, is using a PSK just as secure as using a CA cert and private key?

      Thanks

        jimp Rebel Alliance Developer Netgate last edited by

        The certificate method gives a bit more solid identity confirmation. Speaking theoretically and oversimplified, someone could just steal or brute force the PSK and hijack the IPs to get into the tunnel, but assuming the certificates were distributed securely, they're a bit harder to get ahold of.

          kpa last edited by

          Assuming your PSK is long enough (see below) and not breakable through a dictionary attack, and you are sure that the PSK cannot leak by any means, it is unbreakable.

          http://www.codinghorror.com/blog/2006/07/brute-force-key-attacks-are-for-dummies.html

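An added example, not part of kpa's post or of pfSense, that checks the two conditions named above (length and dictionary resistance) before a PSK goes into an IPsec configuration, and generates a random PSK that meets them. The wordlist, the 128-bit target and all function names are assumptions made for illustration; the bit estimate is an upper bound that only holds for randomly chosen characters.

```python
import math
import secrets
import string

# Constructed sample wordlist; a real audit would load a large one from disk.
WORDLIST = {"password", "letmein", "pfsense", "vpn", "secret", "tunnel"}
# Undo common character substitutions before the lookup (0->o, 1->i, 3->e, ...).
LEET = str.maketrans("0134578@$!", "oieastbasi")
MIN_BITS = 128  # assumed target, comparable to a 128-bit symmetric key
ALPHABETS = (string.ascii_lowercase, string.ascii_uppercase,
             string.digits, string.punctuation + " ")


def dictionary_hit(psk):
    """True if the PSK is a wordlist entry under case, leet or affix mutations."""
    lowered = psk.lower()
    stripped = lowered.strip(string.digits + string.punctuation)
    return any(c.translate(LEET) in WORDLIST for c in (lowered, stripped))


def charset_size(psk):
    """Combined size of the ASCII character classes the PSK draws from."""
    return sum(len(a) for a in ALPHABETS if any(ch in a for ch in psk))


def audit_psk(psk):
    """Return (verdict, bits); bits is an upper bound that assumes random choice."""
    if dictionary_hit(psk):
        return ("dictionary", 0.0)
    size = charset_size(psk)  # 0 for empty or all non-ASCII input
    bits = len(psk) * math.log2(size) if size else 0.0
    return ("ok" if bits >= MIN_BITS else "too-short", round(bits, 1))


def generate_psk(bits=MIN_BITS):
    """Random PSK over 62 symbols, long enough to carry `bits` of entropy."""
    alphabet = string.ascii_letters + string.digits
    length = math.ceil(bits / math.log2(len(alphabet)))
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("P@ssw0rd123!", "k3Xq9mZp"):  # constructed samples
        print(candidate, audit_psk(candidate))
    print("generated:", generate_psk())
```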
            jimp Rebel Alliance Developer Netgate last edited by

            Just keep this far more likely scenario in mind, and remember that your encryption is not the weakest link :-)

            http://xkcd.com/538/

              jonnytabpni last edited by

              Thanks for the replies.

              I'm guessing that the PSK is used for authentication only?

              So, for example, once identity has been verified, the VPN 'security' would be identical if I was using RSA keys?

              Thanks

              © 2021 Rubicon Communications, LLC | Privacy Policy