MD2, MD4, and MD5 are cryptographic message-digest algorithms that take a message of arbitrary length
and generate a 128-bit message digest. In MD5, the message is processed in 512-bit blocks in four distinct
rounds.
MDC2 is a method to construct hash functions with 128-bit output from block ciphers. These functions are an
implementation of MDC2 with DES.
RIPEMD is a cryptographic hash function with 160-bit output.
The Secure Hash Algorithm (SHA) is a cryptographic hash function with 160-bit output. It is defined in the
Federal Information Processing Standard - FIPS 180. SHA-1 sequentially processes blocks of 512 bits when
computing a message digest.
5.12.2 Secure Shell
Secure Shell (SSH) is a network protocol that provides a replacement for insecure remote login and command
execution facilities such as telnet, rlogin, and Remote Shell (rsh). SSH encrypts traffic, preventing
traffic sniffing and password theft.
On a local system, the user starts the SSH client to open a connection to a remote server running the sshd
daemon. If the user is authenticated successfully, an interactive session is initiated, allowing the user to run
commands on the remote system. SSH is not a shell in the sense of a command interpreter, but it permits the
use of a shell on the remote system.
In addition to interactive logins, the user can tunnel TCP network connections through the existing channel,
allowing the use of X11 and other network-based applications, and copy files through the use of the scp and
sftp tools. OpenSSH is configured to use the PAM framework for authentication, authorization, account
maintenance, and session maintenance. Password expiration and locking are handled through the appropriate
PAM functions.
Communication between the SSH client and SSH server uses the SSH protocol, version 2.0. The SSH
protocol requires that each host have a host specific key. When the SSH client initiates a connection, the keys
are exchanged using the Diffe-Hellman protocol. A session key is generated, and all traffic is encrypted using
this session key and the agreed-upon algorithm.
Default encryption algorithms supported by SSH are 3DES (triple DES) and blowfish. The default can be
overridden by providing the list in the server configuration file with the “ciphers” keyword.
The default message authentication code algorithms supported by SSH are SHA-1 and MD5. The default can
be overridden by providing the list in the server configuration file with the keyword MACs. Refer to Section
5.12.1.4.3 of this document for brief descriptions of these algorithms.
Encryption is provided by the OpenSSL package, which is a separate software package. The following
briefly describes the default SSH setup with respect to encryption, integrity check, certificate format, and key
exchange protocol.
• Encryption: The default cipher used by SSH is 3des-cbc (three-key 3DES in CBC mode). The 3des-
cbc cipher is three key triple-DES (encrypt-decrypt-encrypt), where the first 8 bytes of the key are
used for the first encryption, the next 8 bytes for the decryption, and the following 8 bytes for the
final encryption. This requires 24 bytes of key data, of which 168 bits are actually used. To
implement CBC mode, outer chaining must be used. That is, there is only one initialization vector.
This is a block cipher with 8 byte blocks. This algorithm is defined in [SCHNEIR].
• Integrity check: Data integrity is protected by including a message authentication code (MAC) with
each packet that is computed from a shared secret, packet sequence number, and the contents of the
packet. The message authentication algorithm and key are negotiated during key exchange. Initially,
no MAC will be in effect, and its length must be zero. After key exchange, the selected MAC will be
computed before encryption from the concatenation of packet data:
190