Differences
This shows you the differences between the selected revisions of the page.
| 2015-02-19 | 2015-02-19 | ||
| limit acronyms recognition (martin) | less emphasis on ssh-1 in encryption section + aes is default cipher since 5.0.8 (martin) | ||
| Line 20: | Line 20: | ||
| ===== Encryption in SSH ===== | ===== Encryption in SSH ===== | ||
| - | SSH clients and servers can use a number of encryption methods. In the older SSH-1 protocol, 3DES and DES are typically used. | + | SSH clients and servers can use a number of encryption methods. |
| - | SSH-2 adds support for additional encryption methods including AES and | + | Most widely used encryption methods in SSH-2 are AES and |
| - | Blowfish. By default, Blowfish is used if supported by the server. While %%AES%% is | + | Blowfish. By default, %%AES%% is used if supported by the server. While %%AES%% is |
| considered to be highly secure, %%AES%% encryption requires substantial processor overhead. Blowfish is also considered | considered to be highly secure, %%AES%% encryption requires substantial processor overhead. Blowfish is also considered | ||
| secure, but with less computational overhead, it's also theoretically | secure, but with less computational overhead, it's also theoretically | ||
| easier to perform a brute-force attack. Depending on your security and | easier to perform a brute-force attack. Depending on your security and | ||
| performance requirements, you may wish to configure WinSCP to prefer | performance requirements, you may wish to configure WinSCP to prefer | ||
| - | the %%AES%% algorithm. %%3DES%% and %%DES%% are used with %%SSH-1%% servers. %%DES%% | + | the %%Blowfish%% algorithm. %%3DES%% and %%DES%% are used with %%SSH-1%% servers. %%DES%% |
| is widely regarded as insecure, as the resources to perform an | is widely regarded as insecure, as the resources to perform an | ||
| exhaustive brute-force attack have been well within the realm of | exhaustive brute-force attack have been well within the realm of | ||