Differences
This shows you the differences between the selected revisions of the page.
| 2015-02-18 | 2016-01-20 | ||
| login dialog was redesigned a while ago (martin) | 5.8.1 Support for ECDSA keys (martin) | ||
| Line 23: | Line 23: | ||
| WinSCP supports a variety of SSH-2 key exchange methods, and allows you to choose which one you prefer to use; configuration is similar to [[ui_login_ssh#encryption_options|cipher selection]]. | WinSCP supports a variety of SSH-2 key exchange methods, and allows you to choose which one you prefer to use; configuration is similar to [[ui_login_ssh#encryption_options|cipher selection]]. | ||
| - | WinSCP currently supports the following varieties of Diffie-Hellman and GSS key exchange:· | + | WinSCP currently supports the following key exchange methods: |
| - | * //Group 14//: a well-known 2048-bit group. | + | * //ECDH//: elliptic curve Diffie-Hellman key exchange. |
| - | * //Group 1//: a well-known 1024-bit group. This is less secure than group 14, but may be faster with slow client or server machines, and may be the only method supported by older server software. | + | ··* //Group 14//: Diffie-Hellman key exchange with a well-known 2048-bit group. |
| + | * //Group 1//: Diffie-Hellman key exchange with a well-known 1024-bit group. This is less secure than group 14, but may be faster with slow client or server machines, and may be the only method supported by older server software. | ||
| * //Group exchange//: with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. We recommend use of this method, if possible. | * //Group exchange//: with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. We recommend use of this method, if possible. | ||
| - | + | ··* //RSA key exchange//: this requires much less·computational effort on the part of the client, and somewhat less on the part of the server, than Diffie-Hellman key exchange. | |
| - | In addition, WinSCP supports //RSA key exchange//, which requires much less | + | |
| - | computational effort on the part of the client, and somewhat less on the part of the server, than Diffie-Hellman key exchange. | + | |
| If the first algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection, similar to that for [[ui_login_ssh#encryption_options|cipher selection]]. | If the first algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection, similar to that for [[ui_login_ssh#encryption_options|cipher selection]]. | ||