Deprecating RC4 in Secure Shell (SSH) cyberstorm.mu
Mauritius logan@cyberstorm.mu
Security curdle This document deprecates RC4 in Secure Shell (SSH). Therefore, this document formally moves RFC 4345 to Historic status.
Introduction The usage of RC4 suites (also designated as "arcfour") for SSH is specified in and . specifies the allocation of the "arcfour" cipher for SSH. specifies and allocates the "arcfour128" and "arcfour256" ciphers for SSH. RC4 encryption has known weaknesses ; therefore, this document starts the deprecation process for their use in Secure Shell (SSH) . Accordingly, is updated to note the deprecation of the RC4 ciphers, and is moved to Historic status, as all ciphers it specifies MUST NOT be used.
Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.
Updates to RFC 4253 is updated to prohibit arcfour's use in SSH. allocates the "arcfour" cipher by defining a list of defined ciphers in which the "arcfour" cipher appears as optional, as shown in .
arcfour OPTIONAL the ARCFOUR stream cipher with a 128-bit key
This document updates the status of the "arcfour" ciphers in the list found in by moving it from OPTIONAL to MUST NOT.
arcfour MUST NOT the ARCFOUR stream cipher with a 128-bit key
defines the "arcfour" ciphers with the following text:
The "arcfour" cipher is the Arcfour stream cipher with 128-bit keys. The Arcfour cipher is believed to be compatible with the RC4 cipher . Arcfour (and RC4) has problems with weak keys, and should be used with caution.
This document updates by replacing the text above with the following text:
The "arcfour" cipher is the Arcfour stream cipher with 128-bit keys. The Arcfour cipher is compatible with the RC4 cipher . Arcfour (and RC4) has known weaknesses and MUST NOT be used.
IANA Considerations The IANA has updated the "Encryption Algorithm Names" subregistry in the "Secure Shell (SSH) Protocol Parameters" registry . The registration procedure is IETF review, which is achieved by this document. The registry has been updated as follows:
Encryption Algorithm Name Reference Note
arcfour RFC 8758 HISTORIC
arcfour128 RFC 8758 HISTORIC
arcfour256 RFC 8758 HISTORIC
Security Considerations This document only prohibits the use of RC4 in SSH; it introduces no new security considerations.
References Normative References Informative References Applied Cryptography Second Edition: Protocols, Algorithms, and Source in Code in C Secure Shell (SSH) Protocol Parameters
Acknowledgements The author would like to thank , , and .