About the SFTP function

The SFTP function supports a variety of encryption algorithms for secure file transfers. To ensure compatibility with a wide range of servers, several encryption algorithms are supported, including some that may not comply with current security best practices.

Encryption algorithms supported by the SFTP function

The following encryption algorithms are supported.

Key exchange algorithms

  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512
  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1
  • diffie-hellman-group-exchange-sha1

Host key algorithms

  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ecdsa-sha2-nistp256-cert-v01@openssh.com
  • ecdsa-sha2-nistp384-cert-v01@openssh.com
  • ecdsa-sha2-nistp521-cert-v01@openssh.com
  • ssh-ed25519
  • ssh-rsa
  • ssh-dss

Ciphers

  • aes128-ctr
  • aes192-ctr
  • aes256-ctr
  • aes256-cbc
  • rijndael-cbc@lysator.liu.se
  • aes192-cbc
  • aes128-cbc
  • blowfish-cbc
  • arcfour128
  • arcfour
  • cast128-cbc
  • 3des-cbc

MACs

  • hmac-sha2-256
  • hmac-sha2-512
  • hmac-sha1
  • hmac-sha1-96
  • hmac-md5
  • hmac-md5-96
  • hmac-ripemd160
  • hmac-ripemd160@openssh.com

About recommended encryption algorithms

Based on the NIST Recommendations (NIST SP 800-57 Part 1, Revision 5) and related security standards, the following encryption algorithms are recommended.

Key exchange algorithms

  • curve25519-sha256
  • curve25519-sha256@libssh.org
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • diffie-hellman-group-exchange-sha256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group18-sha512

Host key algorithms

  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
  • ecdsa-sha2-nistp256-cert-v01@openssh.com
  • ecdsa-sha2-nistp384-cert-v01@openssh.com
  • ecdsa-sha2-nistp521-cert-v01@openssh.com
  • ssh-ed25519

Ciphers

  • aes128-ctr
  • aes192-ctr
  • aes256-ctr

MACs

  • hmac-sha2-256
  • hmac-sha2-512

About deprecated algorithms

The SFTP function also supports the following algorithms for compatibility reasons, but they are deprecated based on the NIST Recommendations (NIST SP 800-57 Part 1, Revision 5) and related security standards and may be removed in future versions.

Key exchange algorithms

  • diffie-hellman-group14-sha256
  • diffie-hellman-group14-sha1
  • diffie-hellman-group1-sha1
  • diffie-hellman-group-exchange-sha1

Host key algorithms

  • ssh-dss
  • ssh-rsa

Ciphers

  • rijndael-cbc@lysator.liu.se
  • blowfish-cbc
  • arcfour128
  • arcfour
  • cast128-cbc
  • 3des-cbc
  • aes128-cbc
  • aes192-cbc
  • aes256-cbc

MACs

  • hmac-sha1
  • hmac-sha1-96
  • hmac-md5
  • hmac-md5-96
  • hmac-ripemd160
  • hmac-ripemd160@openssh.com

Connection compatibility

The SFTP function is designed to balance security and compatibility. Currently, we support deprecated algorithms for the following reasons, but we may remove these algorithms in future versions to enhance security.

  • Freelance photographers and videographers need to connect to servers operated by various clients.
  • Compatibility with older systems and legacy servers must be maintained.
  • Changing the encryption algorithm settings on the server side is complex, and not all users are prepared to change to a secure setting.
  • SFTP server settings are often shared with other secure services, so it is necessary to consider the impact on other services on the server, and changes may not always be easy to implement.
  • To ensure interoperability in different environments, support for a wide range of cryptographic algorithms is necessary.

The encryption algorithm used during SFTP connection is determined by automatic negotiation with the destination server, so it depends on the server's settings. While we are aware of the security risks, we currently prioritize broad compatibility in order to meet the diverse needs of our users.

Security risks

The use of deprecated algorithms increases the vulnerability of SHA-1 based algorithms and DSA keys to man-in-the-middle attacks, the risk of server identity spoofing, and the possibility of cryptanalysis with older encryption algorithms (e.g., 3DES and RC4 variants), which can expose data in transit.

Recommendations for a secure connection

When using the SFTP client function, check in advance whether the server to which you are connecting supports the recommended encryption algorithms. We recommend that you enable only the recommended algorithms and disable non-recommended algorithms on the server side.


References

  • Recommendation for Key Management, Special Publication 800-57 Part 1 Revision 5, NIST, 2020.
  • Transitioning the Use of Cryptographic Algorithms and Key Lengths, Special Publication 800-131A Revision 2, NIST, 2019.
  • Recommendation for Block Cipher Modes of Operation: The CMAC Mode for Authentication, Special Publication 800-38B, NIST, 2005 (includes updates as of 10/06/2016).
Go to Page Top
TP1002013388