Encryption Strength

Nessus uses the following default encryption for storage and communications.

Function Default Encryption
Storing user account passwords SHA-512 and the PBKDF2 function with a 512-bit key
Storing user and service accounts for scan credentials, as described in Credentials

AES-128

Scan Results AES-128
Communications between Nessus and clients (NNM users). TLS 1.3 (fallback to TLS 1.2 or earlier, as configured) with the strongest encryption method supported by Nessus and your browser or API program
Communications between Nessus and the Tenable product registration server TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384
Communications between Nessus and the Tenable plugin update server TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384