Privacy—Encrypting the Traffic
Often passwords or encryption keys are used to encrypt data. If both sides use the same key to encrypt and decrypt data, this is called symmetric encryption. The encryption key has to be put on all machines that are supposed to take part in the VPN connection.
Symmetric Encryption and Pre-Shared Keys
Anybody who has this key can decrypt the traffic. If an attacker gets hold of this key, he or she can decrypt all traffic and compromise all systems taking part in the VPN, until all systems are supplied with another key. Furthermore, such a static, pre-shared key can be guessed, deciphered, or hacked by brute-force attacks. It is merely a matter of time for an attacker to find out the key and to read, or even worse, change the data.
 |
Therefore, VPN software like IPsec changes keys in defined intervals. Every key is only valid for a certain period of time, called key lifetime. A good combination of key lifetime and key length ensures that an attacker cannot decrypt...
