Recently, I committed support for a new authenticated encryption cipher for OpenSSH, [email protected]. This cipher combines two primitives from Daniel J. Bernstein: the ChaCha20 cipher and the Poly1305 MAC (Message Authentication Code) and was inspired by Adam Langley’s similar proposal for TLS. Having an authenticated encryption mode that is based on a stream cipher allows us to encrypt the packet lengths again. An active attacker can still play games by fiddling with the packet length, but doing so will reveal nothing about the packet payloads.”]
Source: http://blog.djm.net.au/2013/11/chacha20-and-poly1305-in-openssh.html