1 | BLOWFISH |
---|
2 | ======== |
---|
3 | |
---|
4 | Bruce Schneier's block cipher that was designed to be a fast and free |
---|
5 | alternative to existing encryption algorithms. It is unpatented and |
---|
6 | license-free. SSH version uses a 128-bit key for Blowfish (the |
---|
7 | algorithm allows anything from 32 to 448 bits). |
---|
8 | |
---|
9 | Performance on a pentium machine is about 88% of "none" encryption. |
---|
10 | |
---|
11 | You can disable it by giving the --without-blowfish option to |
---|
12 | configure. It is ON by default. |
---|
13 | |
---|
14 | |
---|
15 | ARCFOUR |
---|
16 | ======= |
---|
17 | |
---|
18 | Arcfour is a stream cipher that supports variable length keys (SSH |
---|
19 | uses it with 128 bit keys). Arcfour is compatible with the RC4 cipher |
---|
20 | (RC4 is a trademark of RSA Data Security). Arcfour is quite fast. |
---|
21 | |
---|
22 | There are some problems in the way arcfour is used in SSH 1.x. Because |
---|
23 | of this, it is disabled by default. Arcfour can be enabled by giving |
---|
24 | --with-arcfour to configure; however, this will introduce security |
---|
25 | problems if the attacker can perform active network-level attacks. The |
---|
26 | problems are fixed in SSH 2.x. |
---|
27 | |
---|
28 | Performance on a pentium machine is about 91% of "none" encryption. |
---|
29 | |
---|
30 | The SSH client automatically switches to blowfish, if arcfour is |
---|
31 | requested but not supported. This allows old scripts and config files |
---|
32 | to work even now that arcfour is disabled by default. A warning is |
---|
33 | printed when this happens. |
---|
34 | |
---|
35 | |
---|
36 | IDEA |
---|
37 | ==== |
---|
38 | |
---|
39 | A 128-bit block cipher. Faster than 3DES, but slower than Arcfour and |
---|
40 | Blowfish. The IDEA algorithm is patented in many countries, and the |
---|
41 | patent holder disallows commercial use (their definition of |
---|
42 | commercial use include connections from one corporation to another |
---|
43 | corporation). |
---|
44 | |
---|
45 | Performance on a pentium machine is about 64% of "none" encryption. |
---|
46 | |
---|
47 | You can disable IDEA by giving the --without-idea option to configure. It is |
---|
48 | ON by default. |
---|
49 | |
---|
50 | |
---|
51 | DES |
---|
52 | === |
---|
53 | |
---|
54 | A 56-bit block cipher. About three times faster than 3DES, but slower |
---|
55 | than Arcfour and Blowfish. The 56-bit key length is too small for real |
---|
56 | security, so you should not enable this unless it is crucial for you |
---|
57 | to support DES (e.g. due to company policy). |
---|
58 | |
---|
59 | Performance on a pentium machine is about 71% of "none" encryption. |
---|
60 | |
---|
61 | You can enable DES by giving the --with-des option to configure. It is OFF |
---|
62 | by default. |
---|
63 | |
---|
64 | |
---|
65 | 3DES |
---|
66 | ==== |
---|
67 | |
---|
68 | Three-key triple-DES (effective key length of about 112 bits) in inner |
---|
69 | CBC-mode. This is the default fall back cipher that is used if the |
---|
70 | client asks for a cipher that isn't supported by the server. |
---|
71 | |
---|
72 | RSA private key files are encrypted by 3DES by default. (Some older |
---|
73 | versions encrypted private key files with IDEA, and such key files may |
---|
74 | still be around.) |
---|
75 | |
---|
76 | Performance on a pentium machine is about 45% of "none" encryption. |
---|
77 | |
---|
78 | You cannot disable it, because the it is mandatory cipher. |
---|
79 | |
---|
80 | |
---|
81 | TSS |
---|
82 | === |
---|
83 | |
---|
84 | Timo Rinne's own cipher. Not recommended, because it is mainly |
---|
85 | experimantal and not supported. |
---|
86 | |
---|
87 | You can enable it by giving --with-tss option to configure. It is OFF |
---|
88 | by default. |
---|
89 | |
---|
90 | |
---|
91 | NONE |
---|
92 | ==== |
---|
93 | |
---|
94 | No encryption at all. This cipher is intended only for testing, and |
---|
95 | should not be enabled for normal use. Using no encryption makes SSH |
---|
96 | vulnerable to network-level attacks (such as connection hijacking). |
---|
97 | There are also more subtle ways to exploit using no encryption, and |
---|
98 | servers should not allow such connections at all except when testing |
---|
99 | the protocol. |
---|
100 | |
---|
101 | Using no encryption is used as the reference value for the performance |
---|
102 | results indicated for other algorithms (and is represented by the |
---|
103 | value 100%). Note that performance depends also on compression, |
---|
104 | processor types, network speed, etc. |
---|
105 | |
---|
106 | You can allow "none" encryption by giving the --with-none option to |
---|
107 | configure. Using no encryption is not allowed by default. |
---|