Xshell Forum

Xshell session files and security

Last post: Saturday, August 27, 2016 1:28 AM by Colin Zhang, 3 reply

 
Tuesday, August 2, 2011 8:59 AM - Vinz

Xshell session files and security

 
Hello,

Using Xshell, you can store passwords and passphrases within a session file.

User does not need to enter a master password to decrypt the session files, so this is not cryptography but rather obfuscation.

-What if the session file is stolen?
-What is the obfuscation algorithm?
-Is it possible to have a master password to really encrypt the session passwords?


Program Ver. : Xshell 3
Friday, October 3, 2014 5:58 AM - Holy Cow

Re: Xshell session files and security

 
Dear XShell supporters,
please answer this question,
thanks.
Sunday, October 5, 2014 9:37 PM - Support

Re: Xshell session files and security

 
-What if the session file is stolen?
Password is encrypted using the special set of keys. This is different for all users and machines. However, for added security, we recommend you to use the Master Password feature which mixes user defined key into the encryption.

-What is the obfuscation algorithm?
It is not obfuscating password. Xshell uses RC4 with SHA256.

-Is it possible to have a master password to really encrypt the session passwords?
Master password will add a new key to the encryption algorithm so it is harder to crack the password when the session is stolen.



---
Technical Support
Saturday, August 27, 2016 1:28 AM - Colin Zhang

Re: Xshell session files and security

 
How about Xshell5?
also uses RC4 with SHA256?