Use of Pre-shared Keys

miller-p
Level 1

If a 'person in the middle' has knowledge of the pre-shared secret used to authenticate a VPN tunnel using IPSEC/IKE, could that person potentially decrypt the conversation? Or otherwise use the pre-shared secret to try and duplicate keys?

2 Replies

s-doyle
Level 3

You could establish a new session if using wild cards, but I don’t know about decrypting the traffic in the tunnel on the fly.

arunv
Level 1

Pre-shared keys are fine but not scalable. From my knowledge, if the key is compromised, it has to be changed immediately on all devices. A safe way is to sign up with a CA. This was recommended by Cisco while I was designing our VPN. Well, the answer to your question is "yes, the security and data are compromised".
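
In IKEv1 (RFC 2409) with pre-shared key authentication, the session keys are derived from both the pre-shared key and the Diffie-Hellman shared secret. The sketch below is an added example, not part of any post in this thread; it assumes IKEv1, HMAC-SHA1 as the negotiated prf, and a constructed toy DH group and values, and shows that the pre-shared key alone reproduces SKEYID but not the encryption key SKEYID_e.

```python
import hashlib
import hmac

# Constructed toy DH parameters: not a real IKE MODP group.
P = 2**127 - 1
G = 3

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: the negotiated prf is HMAC-SHA1.
    return hmac.new(key, data, hashlib.sha1).digest()

def to_bytes(n: int) -> bytes:
    return n.to_bytes((P.bit_length() + 7) // 8, "big")

def derive_keys(psk, ni, nr, g_xy, cky_i, cky_r):
    """RFC 2409 section 5 derivation for pre-shared key authentication."""
    skeyid = prf(psk, ni + nr)
    tail = g_xy + cky_i + cky_r
    skeyid_d = prf(skeyid, tail + b"\x00")
    skeyid_a = prf(skeyid, skeyid_d + tail + b"\x01")
    skeyid_e = prf(skeyid, skeyid_a + tail + b"\x02")
    return {"SKEYID": skeyid, "SKEYID_d": skeyid_d,
            "SKEYID_a": skeyid_a, "SKEYID_e": skeyid_e}

def demo():
    # All values below are constructed for the example.
    psk = b"constructed-shared-secret"
    ni, nr = b"\x11" * 16, b"\x22" * 16        # nonces, sent in the clear
    cky_i, cky_r = b"\xaa" * 8, b"\xbb" * 8    # ISAKMP cookies, sent in the clear
    x, y = 5, 7                                # private exponents, never sent (toy sizes)
    gx, gy = pow(G, x, P), pow(G, y, P)        # public DH values, sent in the clear
    initiator = derive_keys(psk, ni, nr, to_bytes(pow(gy, x, P)), cky_i, cky_r)
    responder = derive_keys(psk, ni, nr, to_bytes(pow(gx, y, P)), cky_i, cky_r)
    # A passive observer holding the PSK sees ni, nr, cookies, gx, gy, but not x or y.
    # SKEYID needs only the PSK and nonces, so the observer can reproduce it.
    observer_skeyid = prf(psk, ni + nr)
    # Without g^xy the remaining keys do not follow; combining the public
    # values (here gx*gy = g^(x+y)) gives a different SKEYID_e.
    observer_guess = derive_keys(psk, ni, nr, to_bytes(gx * gy % P), cky_i, cky_r)
    return initiator, responder, observer_skeyid, observer_guess

if __name__ == "__main__":
    init, resp, obs_skeyid, guess = demo()
    print("peers agree:", init == resp)
    print("observer SKEYID matches:", obs_skeyid == init["SKEYID"])
    print("observer SKEYID_e matches:", guess["SKEYID_e"] == init["SKEYID_e"])
```

Confidentiality against a passive observer rests on the Diffie-Hellman exchange; the pre-shared key only authenticates the peers, so a compromised key still needs to be replaced.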
