Xshell session files and security [3]

Xshell session files and security

Tuesday, August 2, 2011 8:59 AM - Vinz

Hello,

Using Xshell, you can store passwords and passphrases within a session file.

User does not need to enter a master password to decrypt the session files, so this is not cryptography but rather obfuscation.

-What if the session file is stolen?
-What is the obfuscation algorithm?
-Is it possible to have a master password to really encrypt the session passwords?


Program Ver. : Xshell 3


Re: Xshell session files and security

Friday, October 3, 2014 5:58 AM - Holy Cow

Dear XShell supporters,
please answer this question,
thanks.


Re: Xshell session files and security

Sunday, October 5, 2014 9:37 PM - Support

-What if the session file is stolen?
Password is encrypted using the special set of keys. This is different for all users and machines. However, for added security, we recommend you to use the Master Password feature which mixes user defined key into the encryption.

-What is the obfuscation algorithm?
It is not obfuscating password. Xshell uses RC4 with SHA256.

-Is it possible to have a master password to really encrypt the session passwords?
Master password will add a new key to the encryption algorithm so it is harder to crack the password when the session is stolen.



---
Technical Support


Re: Xshell session files and security

Saturday, August 27, 2016 1:28 AM - Colin Zhang

How about Xshell5?
also uses RC4 with SHA256?


Previous views: 281