Our scanning vendor is marking us down because we are using IKEv1 in Aggressive Mode with a pre-shared key. We are using Sonicwall's Global VPN Client to connect to the VPN device in question.

I understand that this is a risk but I don't have a good feel for how risky it is. What are the practical risks involved here?

Supposedly, longer keys are safer. Assuming that the key itself is sufficiently random, how many characters is considered "safe" enough?

poke

2 Answers

When you're using Aggressive Mode, the authentication hash (pre-shared key) is transmitted as the response to the initial packet of the VPN client that wants to establish an IPsec tunnel. The hash (pre-shared key) is not encrypted. If an attacker can capture these session packets, they can run an attack to recover the PSK. The attack only affects Aggressive Mode because Main Mode encrypts the hash. For more on this, see Cisco's Main vs. Aggressive Mode tidbit. Be aware, there are security tools to make these attacks simple (ike-scan, etc.); see: http://blog.spiderlabs.com/2013/03/cracking-ike-aggressive-mode-hashes-part-1.html

munkeyoto

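As an added illustration of the point above (this is example code, not something from the answer or from Sonicwall), the following Python parses the fixed ISAKMP header of IKEv1 datagrams (UDP/500) and flags unencrypted Aggressive Mode phase-1 exchanges, which is what you would look for in a capture to confirm whether your own gateways are still negotiating this way. The sample datagrams, addresses and cookies are constructed for the example; the header layout and exchange-type values are the ones from RFC 2408/2409.

```python
import struct

# ISAKMP header, RFC 2408 section 3.1 (28 bytes):
#   initiator cookie (8) | responder cookie (8) | next payload (1) | version (1)
#   | exchange type (1) | flags (1) | message ID (4) | length (4)
ISAKMP_HEADER = struct.Struct("!8s8sBBBBII")

# Exchange type values (RFC 2408 section 3.1, RFC 2409 section 5).
EXCHANGE_TYPES = {
    0: "None",
    1: "Base",
    2: "Identity Protection (Main Mode)",
    3: "Authentication Only",
    4: "Aggressive",
    5: "Informational",
    32: "Quick Mode",
}

FLAG_ENCRYPTION = 0x01  # E bit: payloads after the header are encrypted


def parse_isakmp_header(payload: bytes) -> dict:
    """Decode the fixed ISAKMP header from a UDP/500 datagram payload."""
    if len(payload) < ISAKMP_HEADER.size:
        raise ValueError("payload shorter than the 28-byte ISAKMP header")
    icookie, rcookie, next_payload, version, exch, flags, msg_id, length = (
        ISAKMP_HEADER.unpack_from(payload)
    )
    return {
        "initiator_cookie": icookie.hex(),
        "responder_cookie": rcookie.hex(),
        "next_payload": next_payload,
        "major_version": version >> 4,
        "minor_version": version & 0x0F,
        "exchange_type": exch,
        "exchange_name": EXCHANGE_TYPES.get(exch, f"unknown({exch})"),
        "encrypted": bool(flags & FLAG_ENCRYPTION),
        "message_id": msg_id,
        "length": length,
    }


def is_aggressive_mode_phase1(payload: bytes) -> bool:
    """True for an unencrypted IKEv1 Aggressive Mode phase-1 message.

    Phase-1 messages carry message ID 0.  In Aggressive Mode the first two
    messages are sent in the clear, and the second one carries the responder's
    PSK-derived HASH that the answer above describes.
    """
    h = parse_isakmp_header(payload)
    return (
        h["major_version"] == 1
        and h["exchange_type"] == 4
        and h["message_id"] == 0
        and not h["encrypted"]
    )


def build_header(exchange_type: int, flags: int = 0, msg_id: int = 0) -> bytes:
    """Construct a header-only datagram for the sample data below (constructed)."""
    icookie = b"\x11" * 8                 # constructed initiator cookie
    rcookie = b"\x00" * 8                 # zero until the responder answers
    version = 0x10                        # major 1, minor 0
    return ISAKMP_HEADER.pack(icookie, rcookie, 1, version, exchange_type, flags, msg_id, 28)


# Constructed sample traffic: (source, destination, UDP payload).
SAMPLE_DATAGRAMS = [
    ("10.0.0.5", "203.0.113.1", build_header(2)),                          # Main Mode
    ("10.0.0.7", "203.0.113.1", build_header(4)),                          # Aggressive Mode
    ("10.0.0.7", "203.0.113.1", build_header(32, flags=FLAG_ENCRYPTION,
                                             msg_id=0xABCD)),              # Quick Mode, encrypted
]


def find_aggressive_mode_peers(datagrams) -> list:
    """Return the (source, destination) pairs seen negotiating in Aggressive Mode."""
    return sorted({(src, dst) for src, dst, p in datagrams if is_aggressive_mode_phase1(p)})


if __name__ == "__main__":
    for src, dst in find_aggressive_mode_peers(SAMPLE_DATAGRAMS):
        print(f"Aggressive Mode phase 1: {src} -> {dst}")
```

Feeding real captures means stripping the Ethernet/IP/UDP layers first (and, for NAT-T on UDP/4500, the 4-byte non-ESP marker); the header parser itself stays the same. Seeing only Main Mode (exchange type 2) on the wire is the cheapest confirmation that the finding has been closed.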

Only with IKEv1 aggressive mode can a passive attacker sniff “the hash”. The only unknown part of the ingredients to this hash is the PSK. – It is still a cryptographic hash, so the ingredients cannot be calculated from it as such.

The problem is: an attacker can do offline dictionary and brute-force attacks on it. – So, as you suggest, the strength really depends on the randomness and length of PSK you use. With a good PSK it will still take years to crack, I believe. Unfortunately I don’t know how many characters are required to be in that range.
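Since the answer leaves the "how many characters" part open, here is an added worked example (not the answerer's code) that puts numbers on it. It assumes exactly the situation described: the attacker has the captured exchange and can test guesses offline with no rate limit, so the only cost is the size of the search space. The guess rates passed in are assumptions to plug in, not measured figures, and the character sets are constructed for the example.

```python
import math
import string

# Constructed alphabets a PSK might be drawn from (size is what matters).
CHARSETS = {
    "digits": string.digits,
    "lowercase": string.ascii_lowercase,
    "alphanumeric": string.ascii_letters + string.digits,
    "printable": string.ascii_letters + string.digits + string.punctuation,
}

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a secret chosen uniformly at random: length symbols from an
    alphabet of alphabet_size.  Works for characters (alphabet = charset) and
    for word lists (alphabet = dictionary size), which is why a PSK built from
    a few dictionary words is so much weaker than its character count suggests."""
    if length <= 0 or alphabet_size <= 1:
        raise ValueError("length must be >= 1 and alphabet_size >= 2")
    return length * math.log2(alphabet_size)


def expected_years_to_crack(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Expected time for exhaustive offline search, assuming on average half
    the keyspace must be tried before the right PSK is hit."""
    if guesses_per_second <= 0:
        raise ValueError("guesses_per_second must be positive")
    keyspace = alphabet_size ** length
    return (keyspace / 2) / guesses_per_second / SECONDS_PER_YEAR


def min_length_for_bits(target_bits: float, alphabet_size: int) -> int:
    """Smallest length whose uniform-random entropy reaches target_bits."""
    if alphabet_size <= 1:
        raise ValueError("alphabet_size must be >= 2")
    return math.ceil(target_bits / math.log2(alphabet_size))


def strength_table(guesses_per_second: float, lengths=(8, 12, 16, 20, 24)) -> dict:
    """Expected crack time in years for each charset/length pair at the assumed rate."""
    return {
        (name, n): expected_years_to_crack(n, len(chars), guesses_per_second)
        for name, chars in CHARSETS.items()
        for n in lengths
    }


if __name__ == "__main__":
    rate = 1e9  # assumed guesses/second for the attacker's offline cracker
    for (name, n), years in sorted(strength_table(rate).items()):
        bits = entropy_bits(n, len(CHARSETS[name]))
        print(f"{name:>12} x{n:2d}: {bits:6.1f} bits, ~{years:.3g} years at {rate:.0e}/s")
    # A PSK of 3 words from a 10,000-word list has far less entropy than its
    # length (typically 15-25 characters) would suggest:
    print(f"3 dictionary words: {entropy_bits(3, 10_000):.1f} bits")
```

The two inputs that matter are the alphabet the PSK is really drawn from and the attacker's guess rate; pick a rate you believe is pessimistic enough and read off the length at which the expected time stops being a number you care about. The dictionary-word line is the reason "long" alone is not the criterion the question is after.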