[10563] | 1 | BLOWFISH |
---|
| 2 | ======== |
---|
| 3 | |
---|
| 4 | Bruce Schneier's block cipher that was designed to be a fast and free |
---|
| 5 | alternative to existing encryption algorithms. It is unpatented and |
---|
| 6 | license-free. SSH version uses a 128-bit key for Blowfish (the |
---|
| 7 | algorithm allows anything from 32 to 448 bits). |
---|
| 8 | |
---|
| 9 | Performance on a pentium machine is about 88% of "none" encryption. |
---|
| 10 | |
---|
| 11 | You can disable it by giving the --without-blowfish option to |
---|
| 12 | configure. It is ON by default. |
---|
| 13 | |
---|
| 14 | |
---|
| 15 | ARCFOUR |
---|
| 16 | ======= |
---|
| 17 | |
---|
| 18 | Arcfour is a stream cipher that supports variable length keys (SSH |
---|
| 19 | uses it with 128 bit keys). Arcfour is compatible with the RC4 cipher |
---|
| 20 | (RC4 is a trademark of RSA Data Security). Arcfour is quite fast. |
---|
| 21 | |
---|
| 22 | There are some problems in the way arcfour is used in SSH 1.x. Because |
---|
| 23 | of this, it is disabled by default. Arcfour can be enabled by giving |
---|
| 24 | --with-arcfour to configure; however, this will introduce security |
---|
| 25 | problems if the attacker can perform active network-level attacks. The |
---|
| 26 | problems are fixed in SSH 2.x. |
---|
| 27 | |
---|
| 28 | Performance on a pentium machine is about 91% of "none" encryption. |
---|
| 29 | |
---|
| 30 | The SSH client automatically switches to blowfish, if arcfour is |
---|
| 31 | requested but not supported. This allows old scripts and config files |
---|
| 32 | to work even now that arcfour is disabled by default. A warning is |
---|
| 33 | printed when this happens. |
---|
| 34 | |
---|
| 35 | |
---|
| 36 | IDEA |
---|
| 37 | ==== |
---|
| 38 | |
---|
| 39 | A 128-bit block cipher. Faster than 3DES, but slower than Arcfour and |
---|
| 40 | Blowfish. The IDEA algorithm is patented in many countries, and the |
---|
| 41 | patent holder disallows commercial use (their definition of |
---|
| 42 | commercial use include connections from one corporation to another |
---|
| 43 | corporation). |
---|
| 44 | |
---|
| 45 | Performance on a pentium machine is about 64% of "none" encryption. |
---|
| 46 | |
---|
| 47 | You can disable IDEA by giving the --without-idea option to configure. It is |
---|
| 48 | ON by default. |
---|
| 49 | |
---|
| 50 | |
---|
| 51 | DES |
---|
| 52 | === |
---|
| 53 | |
---|
| 54 | A 56-bit block cipher. About three times faster than 3DES, but slower |
---|
| 55 | than Arcfour and Blowfish. The 56-bit key length is too small for real |
---|
| 56 | security, so you should not enable this unless it is crucial for you |
---|
| 57 | to support DES (e.g. due to company policy). |
---|
| 58 | |
---|
| 59 | Performance on a pentium machine is about 71% of "none" encryption. |
---|
| 60 | |
---|
| 61 | You can enable DES by giving the --with-des option to configure. It is OFF |
---|
| 62 | by default. |
---|
| 63 | |
---|
| 64 | |
---|
| 65 | 3DES |
---|
| 66 | ==== |
---|
| 67 | |
---|
| 68 | Three-key triple-DES (effective key length of about 112 bits) in inner |
---|
| 69 | CBC-mode. This is the default fall back cipher that is used if the |
---|
| 70 | client asks for a cipher that isn't supported by the server. |
---|
| 71 | |
---|
| 72 | RSA private key files are encrypted by 3DES by default. (Some older |
---|
| 73 | versions encrypted private key files with IDEA, and such key files may |
---|
| 74 | still be around.) |
---|
| 75 | |
---|
| 76 | Performance on a pentium machine is about 45% of "none" encryption. |
---|
| 77 | |
---|
| 78 | You cannot disable it, because the it is mandatory cipher. |
---|
| 79 | |
---|
| 80 | |
---|
| 81 | NONE |
---|
| 82 | ==== |
---|
| 83 | |
---|
| 84 | No encryption at all. This cipher is intended only for testing, and |
---|
| 85 | should not be enabled for normal use. Using no encryption makes SSH |
---|
| 86 | vulnerable to network-level attacks (such as connection hijacking). |
---|
| 87 | There are also more subtle ways to exploit using no encryption, and |
---|
| 88 | servers should not allow such connections at all except when testing |
---|
| 89 | the protocol. |
---|
| 90 | |
---|
| 91 | Using no encryption is used as the reference value for the performance |
---|
| 92 | results indicated for other algorithms (and is represented by the |
---|
| 93 | value 100%). Note that performance depends also on compression, |
---|
| 94 | processor types, network speed, etc. |
---|
| 95 | |
---|
| 96 | You can allow "none" encryption by giving the --with-none option to |
---|
| 97 | configure. Using no encryption is not allowed by default. |
---|