ssh encryption strength

Jonathan Morace jmorace at u.washington.edu
Sun Feb 6 11:20:28 PST 2000


The key length of the ciphers cannot be changed.  There is a server key
and host key which can be changed though.  These keys must be at least 512
bits, but 1024 is typical.

The length of the cipher key depends on which cipher you are using.
DES  = 64 bit - parity bits = 56 bit
3DES = 192 bit - parity bits = 168 bit
  Splits into 3 DES keys, does encrypt, decrypt, encrypt with DES
IDEA = 128 bit
RC4 = 128 bit
Blowfish = 128 bit

Just don't use DES and RC4.  They aren't nearly as secure as the others
and many servers don't support them anymore.

Jonathan

On Sun, 6 Feb 2000, J. Kyllo wrote:

>Ahh.  Is it known whether the keylength can be changed?  I'm using ssh's X
>forwarding which basically listens on the remote (server) side for x apps
>and encrypts and forwards them across the secure connection.  It's very
>cool.  I am currently connected through a dial-in connection to a non-uw
>isp and managed to run Eterm from my Linux box in Haggett through Dante
>and to my place.  Slow, but it worked!
>
>-Jeff
>
>------------------------------------------------
>Help Linux get the device drivers it needs:
>http://www.libranet.com/petition.html
>
>On Sun, 6 Feb 2000, T. Tam wrote:
>
>> I'm no security expert, but I think SSH 1.27 uses 3DES, 56bit keylength.
>> I remember someone telling me once that that's roughly equivalent to 128
>> bit DES (I don't know why it's not equivalent to 3x56bit...).  So, it is
>> fairly secure.
>> 
>> Now, the question is, what are you forwarding thru ssh?  Are you
>> forwarding the port that X runs on, or are you just forwarding the magic
>> cookies for authentication?
>> 
>> -=- Terence
>> 
>> On Sat, 5 Feb 2000, J. Kyllo wrote:
>> 
>> > I was just using the X11 forwarding of SSH and started to think about
>> > something.  I know the connection is encrypted, but how long is the key
>> > that's used, i.e. although the cypher might be good, the key should be
>> > long too.  Something to ponder, anyway.
>> > 
>> > Thanks,
>> > Jeff K.
>> > 
>> > ------------------------------------------------
>> > Help Linux get the device drivers it needs:
>> > http://www.libranet.com/petition.html
>> > 
>> > 
>> 
>> 
>
>
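
Added example (not part of the original thread): the parity-bit arithmetic behind the DES and 3DES key lengths listed in the reply at the top, worked through in Python. It splits a constructed 192-bit 3DES key into its three DES keys and shows that only 7 bits of every byte carry key material; the function names and the sample key are assumptions made for illustration.

```python
# Illustration only: helper names are hypothetical, RAW_KEY is a constructed sample.

def set_odd_parity(key: bytes) -> bytes:
    """Set the low bit of each byte so the byte has an odd number of 1 bits."""
    out = bytearray()
    for b in key:
        high7 = b & 0xFE                      # the 7 bits that are real key material
        ones = bin(high7).count("1")
        out.append(high7 | (0 if ones % 2 else 1))
    return bytes(out)

def has_odd_parity(key: bytes) -> bool:
    """True if every byte of the key has odd parity, as DES keys are specified."""
    return all(bin(b).count("1") % 2 == 1 for b in key)

def strip_parity(key: bytes) -> int:
    """Drop the parity bit of each byte and join the remaining 7-bit groups."""
    value = 0
    for b in key:
        value = (value << 7) | (b >> 1)
    return value

def effective_bits(key: bytes) -> int:
    """Key bits left once one parity bit per byte is removed."""
    return len(key) * 7

def split_3des(key: bytes):
    """Split a 24-byte 3DES key into the three DES keys used for encrypt, decrypt, encrypt."""
    if len(key) != 24:
        raise ValueError("3DES (three-key) expects 24 bytes")
    return key[0:8], key[8:16], key[16:24]

RAW_KEY = bytes(range(1, 25))                 # constructed 192-bit sample, not a real key

if __name__ == "__main__":
    k1, k2, k3 = split_3des(set_odd_parity(RAW_KEY))
    for name, k in (("K1", k1), ("K2", k2), ("K3", k3)):
        print(name, k.hex(), "parity ok:", has_odd_parity(k),
              "stored bits:", len(k) * 8, "effective bits:", effective_bits(k))
    print("3DES stored bits:", len(RAW_KEY) * 8,
          "effective bits:", effective_bits(RAW_KEY))
    # Two keys that differ only in their parity bits are the same DES key.
    print("same key material:",
          strip_parity(RAW_KEY[:8]) == strip_parity(k1))
```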




