Xshell session files and security [3]
Xshell session files and security
Tuesday, August 2, 2011 8:59 AM - Vinz
Hello,
Using Xshell, you can store passwords and passphrases within a session file.
User does not need to enter a master password to decrypt the session files, so this is not cryptography but rather obfuscation.
-What if the session file is stolen?
-What is the obfuscation algorithm?
-Is it possible to have a master password to really encrypt the session passwords?
Program Ver. : Xshell 3
Using Xshell, you can store passwords and passphrases within a session file.
User does not need to enter a master password to decrypt the session files, so this is not cryptography but rather obfuscation.
-What if the session file is stolen?
-What is the obfuscation algorithm?
-Is it possible to have a master password to really encrypt the session passwords?
Program Ver. : Xshell 3
Re: Xshell session files and security
Friday, October 3, 2014 5:58 AM - Holy Cow
Dear XShell supporters,
please answer this question,
thanks.
please answer this question,
thanks.
Re: Xshell session files and security
Sunday, October 5, 2014 9:37 PM - Support
-What if the session file is stolen?
Password is encrypted using the special set of keys. This is different for all users and machines. However, for added security, we recommend you to use the Master Password feature which mixes user defined key into the encryption.
-What is the obfuscation algorithm?
It is not obfuscating password. Xshell uses RC4 with SHA256.
-Is it possible to have a master password to really encrypt the session passwords?
Master password will add a new key to the encryption algorithm so it is harder to crack the password when the session is stolen.
---
Technical Support
Password is encrypted using the special set of keys. This is different for all users and machines. However, for added security, we recommend you to use the Master Password feature which mixes user defined key into the encryption.
-What is the obfuscation algorithm?
It is not obfuscating password. Xshell uses RC4 with SHA256.
-Is it possible to have a master password to really encrypt the session passwords?
Master password will add a new key to the encryption algorithm so it is harder to crack the password when the session is stolen.
---
Technical Support
Re: Xshell session files and security
Saturday, August 27, 2016 1:28 AM - Colin Zhang
How about Xshell5?
also uses RC4 with SHA256?
also uses RC4 with SHA256?
Previous views: 281