Encryption Strength

Tenable Nessus uses the following default encryption for storage and communications.

| Function | Default Encryption |
|---|---|
| Storing user account passwords | SHA-512 and the PBKDF2 function with a 512-bit key |
| Storing user and service accounts for scan credentials, as described in Credentials | AES-128 |
| Scan results and scan exports | AES-128 |
| Communications between Tenable Nessus and clients (GUI/API users) | TLS 1.3 (fallback to TLS 1.2 or earlier, as configured) with the strongest encryption method supported by Tenable Nessus and your browser or API program |
| Communications between Tenable Nessus and Tenable Nessus Agents | TLS 1.3 (fallback to TLS 1.2 if forced by the environment) |
| Communications between Tenable Nessus and the Tenable plugin update server | TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384 |
| Communications between Tenable Nessus and the Tenable product registration server | TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384 |