Shared Secret definition
Just like in real life, a secret is information kept among people privately. In cybersecurity, that information is known and shared only with parties involved in a particular process. Shared secrets are used for authentication, establishing secure connections, or data encryption and decryption. Confidentiality of shared secrets is critical for the security of the system.
See also: encrypted file transfer
Common use cases in cybersecurity:
- Two-factor authentication: A good example of the shared secret is a two-factor authentication principle, where the user has some personal secret information, like a password and one-time code that is generated by a program or an app. The one-time code is generated based on a shared secret between the authentication server and the user's software.
- Virtual private networks: Shared secrets are crucial for VPNs because they are used to establish connections between the server and the client. Those secrets ensure the encrypted information transmitted over the VPN can be decrypted only by the parties processing that shared secret.
- Wireless network security: In wireless networks, shared secrets come in pre-shared keys (PSKs). They work as authentication when devices try to connect to Wi-Fi networks. They also encrypt data that is transmitted over the network, protecting it from various attacks and unauthorized access attempts.