PPKs (Post-quantum Preshared Keys)

Quantum computers pose a potential challenge to current cryptographic algorithms, such as those used in IKEv2 VPNs. Current algorithms are considered to be very robust, but an attacker can record encrypted data today and decrypt it in the future using quantum computers.

RFC 8784, "Mixing Preshared Keys in the Internet Key Exchange Protocol Version 2 (IKEv2) for Post-quantum Security", offers a way to resist quantum computers when passwords (PSKs) are used. The extension works by "mixing" the standard IKEv2 password key (PSK) with an additional key, the Post-quantum Preshared Key (PPK), to increase resistance.

Existing IKEv2 PSK tunnels can easily be supplemented with PPKs. The PPK is independent of the existing PSK.

LCOS supports manual configuration of PPKs. Automatic procedures for changing PPKs are not supported.





PPK-ID
Set a unique name for this entry. The input format can be a string or hexadecimal number (identified by a leading 0x).
PPK
Enter the post-quantum preshared key here as a character string or hexadecimal number (identified by a leading 0x).
Required
If the use of PPKs is configured as required, the corresponding VPN connection will be rejected if the remote site does not support or has not configured a PPK. If the use of PPKs is configured as optional, both PPK and non-PPK connections are accepted.
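
The following sketch is an added example, not LANCOM or LCOS code. It decodes a PPK-ID or PPK field in the two input formats described above and applies the RFC 8784 mixing step, in which the PPK is fed through prf+ into the IKE SA keys SK_d, SK_pi and SK_pr. Assumptions: HMAC-SHA256 is the negotiated prf, character strings are encoded as UTF-8, and all key values are constructed samples.

```python
import hashlib
import hmac
import secrets


def parse_key(value: str) -> bytes:
    """Decode a PPK-ID or PPK field: a leading 0x means hex, otherwise a string."""
    if value[:2].lower() == "0x":
        return bytes.fromhex(value[2:])  # ValueError on odd length or non-hex input
    return value.encode("utf-8")  # assumption: strings are taken as UTF-8 bytes


def prf_plus(key: bytes, seed: bytes, length: int) -> bytes:
    """prf+ from RFC 7296 section 2.13, here with HMAC-SHA256 as the prf."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        # T1 = prf(K, S | 0x01), Tn = prf(K, Tn-1 | S | n)
        block = hmac.new(key, block + seed + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def mix_ppk(ppk: bytes, sk_d: bytes, sk_pi: bytes, sk_pr: bytes):
    """RFC 8784 section 3: SK_x = prf+(PPK, SK_x') for SK_d, SK_pi and SK_pr."""
    return tuple(prf_plus(ppk, sk, len(sk)) for sk in (sk_d, sk_pi, sk_pr))


def generate_ppk_hex(bits: int = 256) -> str:
    """Random PPK in 0x form; RFC 8784 recommends at least 256 bits of entropy."""
    return "0x" + secrets.token_hex(bits // 8)


if __name__ == "__main__":
    # Constructed sample values, not real keys.
    ppk = parse_key("0x" + "ab" * 32)
    pre = (b"\x01" * 32, b"\x02" * 32, b"\x03" * 32)  # SK_d', SK_pi', SK_pr'
    for name, key in zip(("SK_d", "SK_pi", "SK_pr"), mix_ppk(ppk, *pre)):
        print(name, key.hex())
    print("new PPK:", generate_ppk_hex())
```

Because only SK_d, SK_pi and SK_pr change, both sites must hold the same PPK bytes under the same PPK-ID; a string on one side and its hex spelling on the other only match if they decode to identical bytes.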

www.lancom-systems.com

LANCOM Systems GmbH | A Rohde & Schwarz Company | Adenauerstr. 20/B2 | 52146 Wuerselen | Germany | E‑Mail info@lancom.de
