Home
|
FAQ
|
Feedback
|
Licence
|
Updates
|
Mirrors
|
Keys
|
Links
|
Team
Download:
Stable
·
Pre-release
·
Snapshot
|
Docs
|
Privacy
|
Changes
|
Wishlist
PuTTY doesn't support the "arcfour" (RC4) cipher in SSH-2. Arcfour is notable for being substantially faster than any cipher that PuTTY currently supports. Unfortunately, the way it's specified for SSH-2, without discarding the first 1024 bytes of keystream, it's rather weaker than it could be (though not dangerously so). On the other hand, not being a CBC-mode block cipher, it doesn't suffer from the problems described in ssh2-cbc-weakness.
Using arcfour (or any other stream cipher) in SSH-1 would be a very bad idea. The lack of a MAC makes it very easy for an attacker to modify the data stream.
Update: Ben Harris has written an Internet-Draft (draft-harris-ssh-arcfour-fixes, now RFC 4345) describing a way of using Arcfour reasonably securely with SSH-2, and PuTTY now implements this. Note that this document defines the "arcfour256" and "arcfour128" ciphers; PuTTY still does not support the less secure "arcfour" cipher, and we have no plans to make it do so.
(Support was first added in 2005-04-22, but uonly under private names defined in an earlier draft: "arcfour256-draft-00@putty.projects.tartarus.org" and so on. Only from 2005-09-04 do we support the IETF names, which also appear in OpenSSH from 4.2.)