• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Is PSK just as secure as RSA key?

Scheduled Pinned Locked Moved IPsec
5 Posts 3 Posters 15.0k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • J
    jonnytabpni
    last edited by Jul 10, 2010, 11:08 PM

    Hi Everyone,

    Given the fact that I'm using "DH Key Group 2" in my IPSEC VPN settings, is using a PSK just as secure as using a CA cert and private key?

    Thanks

    1 Reply Last reply Reply Quote 0
    • J
      jimp Rebel Alliance Developer Netgate
      last edited by Jul 12, 2010, 2:11 PM

      The certificate method gives a bit more solid identity confirmation. Speaking theoretically and oversimplified, someone could just steal or brute force the PSK and hijack the IPs to get into the tunnel, but assuming the certificates where distributed securely, they're a bit harder to get ahold of.

      Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

      Need help fast? Netgate Global Support!

      Do not Chat/PM for help!

      1 Reply Last reply Reply Quote 0
      • K
        kpa
        last edited by Jul 12, 2010, 5:20 PM

        Assuming your PSK is long enough (see below) and not breakable trough a dictionary attack and you are sure that the PSK can not leak by any means it is unbreakable.

        http://www.codinghorror.com/blog/2006/07/brute-force-key-attacks-are-for-dummies.html

        1 Reply Last reply Reply Quote 0
        • J
          jimp Rebel Alliance Developer Netgate
          last edited by Jul 12, 2010, 5:24 PM

          Just keep this far more likely scenario in mind, and remember that your encryption is not the weakest link :-)

          http://xkcd.com/538/

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

          1 Reply Last reply Reply Quote 0
          • J
            jonnytabpni
            last edited by Jul 12, 2010, 8:35 PM

            Thanks for the replies.

            I'm guessing that the PSK is used for authentication only?

            So, for example, once identity has been verified, the VPN 'security' would be identical if I was using RSA keys?

            Thanks

            1 Reply Last reply Reply Quote 0
            5 out of 5
            • First post
              5/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received