Differences
This shows you the differences between the selected revisions of the page.
| 2025-01-28 | 2025-01-28 | ||
| 6.4.2 Implement the post-quantum ML-KEM key encapsulation method. ml-kem (martin) | dash for better rendering (martin) | ||
| Line 23: | Line 23: | ||
| WinSCP currently supports the following key exchange methods: | WinSCP currently supports the following key exchange methods: | ||
| - | * //NTRU Prime / Curve25519 hybrid//: Streamlined NTRU Prime is a lattice-based algorithm intended to resist quantum attacks. In this key exchange method, it is run in parallel with a conventional Curve25519-based method (one of those included in //ECDH//, in such a way that it should be no less secure than that commonly-used method, and hopefully also resistant to a new class of attacks. | + | * //NTRU Prime / Curve25519 hybrid// – Streamlined NTRU Prime is a lattice-based algorithm intended to resist quantum attacks. In this key exchange method, it is run in parallel with a conventional Curve25519-based method (one of those included in //ECDH//, in such a way that it should be no less secure than that commonly-used method, and hopefully also resistant to a new class of attacks. |
| - | * //ML-KEM / Curve25519 hybrid// and //ML-KEM NIST ECDH hybrid//: similar hybrid constructs of //ML-KEM//, another lattice-based key exchange method intended to be quantum-resistant. In the former, ML-KEM is hybridised with Curve25519; in the latter, with NIST P384 or P256. &beta_feature | + | * //ML-KEM / Curve25519 hybrid// and //ML-KEM NIST ECDH hybrid// – similar hybrid constructs of //ML-KEM//, another lattice-based key exchange method intended to be quantum-resistant. In the former, ML-KEM is hybridised with Curve25519; in the latter, with NIST P384 or P256. &beta_feature |
| - | * //ECDH//: elliptic curve Diffie-Hellman key exchange, with a variety of standard curves and hash algorithms. \\ The original form of Diffie-Hellman key exchange, with a variety of well-known groups and hashes: | + | * //ECDH// – elliptic curve Diffie-Hellman key exchange, with a variety of standard curves and hash algorithms. \\ The original form of Diffie-Hellman key exchange, with a variety of well-known groups and hashes: |
| - | * //Group 18//, a well-known 8192-bit group, used with the SHA-512 hash function. | + | * //Group 18// – a well-known 8192-bit group, used with the SHA-512 hash function. |
| - | * //Group 17//, a well-known 6144-bit group, used with the %%SHA-512%% hash function. | + | * //Group 17// – a well-known 6144-bit group, used with the %%SHA-512%% hash function. |
| - | * //Group 16//, a well-known 4096-bit group, used with the %%SHA-512%% hash function. | + | * //Group 16// – a well-known 4096-bit group, used with the %%SHA-512%% hash function. |
| - | * //Group 15//, a well-known 3072-bit group, used with the %%SHA-512%% hash function. | + | * //Group 15// – a well-known 3072-bit group, used with the %%SHA-512%% hash function. |
| - | * //Group 14//: a well-known 2048-bit group, used with the SHA-256 hash function or, if the server doesn't support that, SHA-1. | + | * //Group 14// – a well-known 2048-bit group, used with the SHA-256 hash function or, if the server doesn't support that, SHA-1. |
| - | * //Group 1// : a well-known 1024-bit group, used with the %%SHA-1%% hash function. Neither we nor current SSH standards recommend using this method any longer, and it's not used by default in new installations; however, it may be the only method supported by very old server software. | + | * //Group 1// – a well-known 1024-bit group, used with the %%SHA-1%% hash function. Neither we nor current SSH standards recommend using this method any longer, and it's not used by default in new installations; however, it may be the only method supported by very old server software. |
| - | * //Diffie-Hellman group exchange//: with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for a subsequent Diffie-Hellman key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. This key exchange method uses the %%SHA-256%% hash or, if the server doesn't support that, %%SHA-1%%. | + | * //Diffie-Hellman group exchange// – with this method, instead of using a fixed group, WinSCP requests that the server suggest a group to use for a subsequent Diffie-Hellman key exchange; the server can avoid groups known to be weak, and possibly invent new ones over time, without any changes required to WinSCP's configuration. This key exchange method uses the %%SHA-256%% hash or, if the server doesn't support that, %%SHA-1%%. |
| - | * //RSA-based key exchange//: this requires much less computational effort on the part of the client, and somewhat less on the part of the server, than Diffie-Hellman key exchange. | + | * //RSA-based key exchange// – this requires much less computational effort on the part of the client, and somewhat less on the part of the server, than Diffie-Hellman key exchange. |
| - | * //Group 1//: Diffie-Hellman key exchange with a well-known 1024-bit group. We no longer recommend using this method, and it's not used by default; however, it may be the only method supported by very old server software. | + | * //Group 1// – Diffie-Hellman key exchange with a well-known 1024-bit group. We no longer recommend using this method, and it's not used by default; however, it may be the only method supported by very old server software. |
| If the first algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection, similar to that for [[ui_login_ssh#encryption_options|cipher selection]]. | If the first algorithm WinSCP finds is below the //warn below here// line, you will see a warning box when you make the connection, similar to that for [[ui_login_ssh#encryption_options|cipher selection]]. | ||