SFTP versus FTP w/ 128-bit SSL


Asher
17-03-2004, 08:07:40
Which is more secure?

Sir Penguin
17-03-2004, 08:26:54
Does SSL use public-key encryption?

SP

Asher
17-03-2004, 08:30:34
They both use public/private key cryptography.

Sir Penguin
17-03-2004, 08:31:28
Doesn't SSL secure at the TCP layer rather than the high-level protocol layer? I would think the most secure is SFTP over a 128-bit SSL connection. I dunno.

SP

Asher
17-03-2004, 08:33:11
What is the high-level protocol layer, if not a TCP layer?

Sir Penguin
17-03-2004, 08:38:05
FTP or SSH?

SP

Asher
17-03-2004, 08:40:28
That is the question.

Asher
17-03-2004, 08:41:39
All that the system is concerned with is data transmission.

I'm fairly sure they both work effectively the same way: data is entered, data is encrypted, data is sent, data is decrypted, data is processed.

Sir Penguin
17-03-2004, 08:57:51
What I meant was that SSL encrypts at the TCP layer, whereas SSH encrypts at its own layer, which runs over the TCP layer. I'm not so sure about that now, Google's being confusing. I see that ftps has its own ports (989 and 990), which completely goes against what I was saying.

All other things being equal, I guess a 128-bit SSL session will be less secure than a 2048-bit ssh tunnel. But if you're doing dynamic public-key generation then that doesn't really matter, and it will be faster to do 128-bit encryption.

SP

Greg W
17-03-2004, 09:05:40
Super humungous geek forum!

Oh, wait, hang on... :nervous:

Darkstar
23-03-2004, 18:37:18
But remember... SSL isn't secure. Its 128 bit encryption is really only 58 bit encrypted, and breakable in real time with a simple 1 GHz Pentium 4. That is... if the SSL is backwards compatible. If it isn't then it really is running at 128 bit encryption, and you merely need a top of the line 4 processor box to break it in real time.

The SSH has a few security holes as well, and it doesn't run in full 2048 bit mode, last fire notice I received from Homeland Security. Some early versions are again WAY down in the encrypt (once again due to the same errors as in the SSL implementation), and you don't need much sand power to break those early imps in real time. The latest requires something a regular schmoe is not likely to have though... not for another 3 to 5 years or so, anyways.

Main thing to remember is to use the very LATEST, and do not do any BACKWARDS compatibility if you want to maximize your security. That's because the earlier imps had some serious holes or errors.

Have fun.
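
Added example, not part of the original thread or written by any of its posters: a Python `ftplib` client for FTP over SSL/TLS that refuses protocol fallback, plus a check that flags a context left open to backwards compatibility. The TLS 1.2 floor and the helper names (`strict_ftps_context`, `audit_context`, `open_ftps`, `permissive_context`) are assumptions of this example.

```python
import ssl
from ftplib import FTP_TLS

# Assumption of this example: "no backwards compatibility" means TLS 1.2 or newer.
FLOOR = ssl.TLSVersion.TLSv1_2

def strict_ftps_context(cafile=None):
    """Client context that verifies the server and refuses legacy protocol versions."""
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + hostname check
    ctx.minimum_version = FLOOR
    return ctx

def audit_context(ctx):
    """Return the reasons this context could be negotiated down or spoofed."""
    findings = []
    if ctx.minimum_version < FLOOR:
        findings.append("legacy protocol versions allowed")
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings

def open_ftps(host, user, password, port=21):
    """Explicit FTPS session (hypothetical helper; needs a reachable server)."""
    ctx = strict_ftps_context()
    problems = audit_context(ctx)
    if problems:
        raise RuntimeError("refusing to connect: " + "; ".join(problems))
    ftps = FTP_TLS(context=ctx, timeout=30)
    ftps.connect(host, port)
    ftps.login(user, password)  # AUTH TLS is sent before the credentials
    ftps.prot_p()               # without this the data channel stays in cleartext
    return ftps

def permissive_context():
    """Constructed counter-example: a client that stays compatible with everything."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx
```
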