Differences
This shows you the differences between the selected revisions of the page.
| 2021-12-06 | 2023-02-13 | ||
| no need to refer to ssh versions (martin) | 6.0 Support for NTRU Prime post-quantum key exchange + Support for more forms of Diffie-Hellman key exchange: new larger integer groups (such as group16 and group18), and support for using those and ECDH with GSSAPI (martin) | ||
| Line 23: | Line 23: | ||
| WinSCP currently supports the following key exchange methods: | WinSCP currently supports the following key exchange methods: | ||
| - | * //ECDH//: elliptic curve Diffie-Hellman key exchange. | + | * //NTRU Prime / Curve25519 hybrid//: Streamlined NTRU Prime is a lattice-based algorithm intended to resist quantum attacks. In this key exchange method, it is run in parallel with a conventional Curve25519-based method (one of those included in //ECDH//, in such a way that it should be no less secure than that commonly-used method, and hopefully also resistant to a new class of attacks. |
| - | * //Group exchange//: with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. We recommend use of this method instead of the well-known groups, if possible. | + | ··* //ECDH//: elliptic curve Diffie-Hellman key exchange, with a variety of standard curves and hash algorithms. \\ The original form of Diffie-Hellman key exchange, with a variety of well-known groups and hashes: |
| - | * //Group 14//: Diffie-Hellman key exchange with a well-known 2048-bit group.· | + | * //Group 18//, a well-known 8192-bit group, used with the SHA-512 hash function. |
| - | * //RSA key exchange//: this requires much less computational effort on the part of the client, and somewhat less on the part of the server, than Diffie-Hellman key exchange. | + | ···* //Group 17//, a well-known 6144-bit group, used with the %%SHA-512%% hash function. |
| + | * //Group 16//, a well-known 4096-bit group, used with the %%SHA-512%% hash function. | ||
| + | * //Group 15//, a well-known 3072-bit group, used with the %%SHA-512%% hash function. | ||
| + | * //Group 14//: a well-known 2048-bit group, used with the SHA-256 hash function or, if the server doesn't support that, SHA-1. | ||
| + | * //Group 1// : a well-known 1024-bit group, used with the %%SHA-1%% hash function. Neither we nor current SSH standards recommend using this method any longer, and it's not used by default in new installations; however, it may be the only method supported by very old server software. | ||
| + | * //Diffie-Hellman group exchange//: with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for a subsequent Diffie-Hellman key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. This key exchange method uses the %%SHA-256%% hash or, if the server doesn't support that, %%SHA-1%%. | ||
| + | * //RSA-based key exchange//: this requires much less computational effort on the part of the client, and somewhat less on the part of the server, than Diffie-Hellman key exchange. | ||
| * //Group 1//: Diffie-Hellman key exchange with a well-known 1024-bit group. We no longer recommend using this method, and it's not used by default; however, it may be the only method supported by very old server software. | * //Group 1//: Diffie-Hellman key exchange with a well-known 1024-bit group. We no longer recommend using this method, and it's not used by default; however, it may be the only method supported by very old server software. | ||
| Line 34: | Line 40: | ||
| WinSCP supports a set of key exchange methods that also incorporates GSSAPI-based authentication. They are enabled with the //Attempt GSSAPI key exchange// checkbox. | WinSCP supports a set of key exchange methods that also incorporates GSSAPI-based authentication. They are enabled with the //Attempt GSSAPI key exchange// checkbox. | ||
| - | WinSCP can only perform the GSSAPI-authenticated key exchange methods when using Kerberos V5, and not other GSSAPI mechanisms. If the user running WinSCP has current Kerberos V5 credentials, then WinSCP will select the GSSAPI key exchange methods in preference to any of the ordinary SSH key exchange methods configured in the preference list. | + | WinSCP can only perform the GSSAPI-authenticated key exchange methods when using Kerberos V5, and not other GSSAPI mechanisms. If the user running WinSCP has current Kerberos V5 credentials, then WinSCP will select the GSSAPI key exchange methods in preference to any of the ordinary SSH key exchange methods configured in the preference list. There's a GSSAPI-based equivalent to most of the ordinary methods listed is the previous section; server support determines which one will be used. (WinSCP's preference order for GSSAPI-authenticated key exchange methods is fixed, not controlled by the preference list.) |
| The advantage of doing GSSAPI authentication as part of the SSH key exchange is apparent when you are using [[ui_login_authentication#gssapi_delegation|credential delegation]]. The SSH key exchange can be repeated later in the session, and this allows your Kerberos V5 credentials (which are typically short-lived) to be automatically re-delegated to the server when they are refreshed on the client. (This feature is commonly referred to as "cascading credentials".) | The advantage of doing GSSAPI authentication as part of the SSH key exchange is apparent when you are using [[ui_login_authentication#gssapi_delegation|credential delegation]]. The SSH key exchange can be repeated later in the session, and this allows your Kerberos V5 credentials (which are typically short-lived) to be automatically re-delegated to the server when they are refreshed on the client. (This feature is commonly referred to as "cascading credentials".) | ||