| 1 | BLOWFISH |
|---|
| 2 | ======== |
|---|
| 3 | |
|---|
| 4 | Bruce Schneier's block cipher that was designed to be a fast and free |
|---|
| 5 | alternative to existing encryption algorithms. It is unpatented and |
|---|
| 6 | license-free. SSH version uses a 128-bit key for Blowfish (the |
|---|
| 7 | algorithm allows anything from 32 to 448 bits). |
|---|
| 8 | |
|---|
| 9 | Performance on a pentium machine is about 88% of "none" encryption. |
|---|
| 10 | |
|---|
| 11 | You can disable it by giving the --without-blowfish option to |
|---|
| 12 | configure. It is ON by default. |
|---|
| 13 | |
|---|
| 14 | |
|---|
| 15 | ARCFOUR |
|---|
| 16 | ======= |
|---|
| 17 | |
|---|
| 18 | Arcfour is a stream cipher that supports variable length keys (SSH |
|---|
| 19 | uses it with 128 bit keys). Arcfour is compatible with the RC4 cipher |
|---|
| 20 | (RC4 is a trademark of RSA Data Security). Arcfour is quite fast. |
|---|
| 21 | |
|---|
| 22 | There are some problems in the way arcfour is used in SSH 1.x. Because |
|---|
| 23 | of this, it is disabled by default. Arcfour can be enabled by giving |
|---|
| 24 | --with-arcfour to configure; however, this will introduce security |
|---|
| 25 | problems if the attacker can perform active network-level attacks. The |
|---|
| 26 | problems are fixed in SSH 2.x. |
|---|
| 27 | |
|---|
| 28 | Performance on a pentium machine is about 91% of "none" encryption. |
|---|
| 29 | |
|---|
| 30 | The SSH client automatically switches to blowfish, if arcfour is |
|---|
| 31 | requested but not supported. This allows old scripts and config files |
|---|
| 32 | to work even now that arcfour is disabled by default. A warning is |
|---|
| 33 | printed when this happens. |
|---|
| 34 | |
|---|
| 35 | |
|---|
| 36 | IDEA |
|---|
| 37 | ==== |
|---|
| 38 | |
|---|
| 39 | A 128-bit block cipher. Faster than 3DES, but slower than Arcfour and |
|---|
| 40 | Blowfish. The IDEA algorithm is patented in many countries, and the |
|---|
| 41 | patent holder disallows commercial use (their definition of |
|---|
| 42 | commercial use include connections from one corporation to another |
|---|
| 43 | corporation). |
|---|
| 44 | |
|---|
| 45 | Performance on a pentium machine is about 64% of "none" encryption. |
|---|
| 46 | |
|---|
| 47 | You can disable IDEA by giving the --without-idea option to configure. It is |
|---|
| 48 | ON by default. |
|---|
| 49 | |
|---|
| 50 | |
|---|
| 51 | DES |
|---|
| 52 | === |
|---|
| 53 | |
|---|
| 54 | A 56-bit block cipher. About three times faster than 3DES, but slower |
|---|
| 55 | than Arcfour and Blowfish. The 56-bit key length is too small for real |
|---|
| 56 | security, so you should not enable this unless it is crucial for you |
|---|
| 57 | to support DES (e.g. due to company policy). |
|---|
| 58 | |
|---|
| 59 | Performance on a pentium machine is about 71% of "none" encryption. |
|---|
| 60 | |
|---|
| 61 | You can enable DES by giving the --with-des option to configure. It is OFF |
|---|
| 62 | by default. |
|---|
| 63 | |
|---|
| 64 | |
|---|
| 65 | 3DES |
|---|
| 66 | ==== |
|---|
| 67 | |
|---|
| 68 | Three-key triple-DES (effective key length of about 112 bits) in inner |
|---|
| 69 | CBC-mode. This is the default fall back cipher that is used if the |
|---|
| 70 | client asks for a cipher that isn't supported by the server. |
|---|
| 71 | |
|---|
| 72 | RSA private key files are encrypted by 3DES by default. (Some older |
|---|
| 73 | versions encrypted private key files with IDEA, and such key files may |
|---|
| 74 | still be around.) |
|---|
| 75 | |
|---|
| 76 | Performance on a pentium machine is about 45% of "none" encryption. |
|---|
| 77 | |
|---|
| 78 | You cannot disable it, because the it is mandatory cipher. |
|---|
| 79 | |
|---|
| 80 | |
|---|
| 81 | TSS |
|---|
| 82 | === |
|---|
| 83 | |
|---|
| 84 | Timo Rinne's own cipher. Not recommended, because it is mainly |
|---|
| 85 | experimantal and not supported. |
|---|
| 86 | |
|---|
| 87 | You can enable it by giving --with-tss option to configure. It is OFF |
|---|
| 88 | by default. |
|---|
| 89 | |
|---|
| 90 | |
|---|
| 91 | NONE |
|---|
| 92 | ==== |
|---|
| 93 | |
|---|
| 94 | No encryption at all. This cipher is intended only for testing, and |
|---|
| 95 | should not be enabled for normal use. Using no encryption makes SSH |
|---|
| 96 | vulnerable to network-level attacks (such as connection hijacking). |
|---|
| 97 | There are also more subtle ways to exploit using no encryption, and |
|---|
| 98 | servers should not allow such connections at all except when testing |
|---|
| 99 | the protocol. |
|---|
| 100 | |
|---|
| 101 | Using no encryption is used as the reference value for the performance |
|---|
| 102 | results indicated for other algorithms (and is represented by the |
|---|
| 103 | value 100%). Note that performance depends also on compression, |
|---|
| 104 | processor types, network speed, etc. |
|---|
| 105 | |
|---|
| 106 | You can allow "none" encryption by giving the --with-none option to |
|---|
| 107 | configure. Using no encryption is not allowed by default. |
|---|
