Closed naftulikay closed 9 years ago
Even the new format used with the -o flag? The ssh-keygen ... -o -a $n uses n iterations. I set it to 100 and that takes about a second. A million rounds would take ~2 hours. Even with ssh-agent, that's a little inconvenient. People would go mad if they mistyped their passwords just once.
OK, so this is what the new format does:
The new format is good.
I'm not sure what distros this new format comes in, but Ubuntu 12.04 doesn't have it AFAIK. What's the version of SSH you need?
1M rounds of PBKDF as specified in the link above runs for about 1-2 seconds on a fast machine, FYI.
I'm referring to this article.
One thing you've overlooked is how `ssh-keygen` stores your keys. The format sucks and is easy to brute-force and uses broken/archaic crypto. You're better off storing your keys in PKCS#8 which uses PBKDF2 for key derivation, see: https://security.stackexchange.com/questions/39896/how-to-get-a-million-rounds-of-pkcs8-pbkdf2-with-openssl

I submitted a patch to OpenSSL which allows custom iteration count for PKCS#8 containers when creating them from the command-line. This patch was accepted on 2014/06/03, so if you have a version later than that, you'll be able to do it.
Some caveats: Ubuntu 12.04 and potentially later versions don't like PKCS#8 containers for the GNOME Keyring Daemon. Other software exists for keyring daemons which do accept PKCS#8 containers for private keys. I've also been able to use these keys on CyanogenMod 11. Your mileage may vary, but this is something that people reading your excellent article should be aware of.
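The thread argues about how many KDF rounds a private key file carries, but neither side shows how to check. The new `-o` format (`openssh-key-v1`) records the cipher, the KDF name and, for bcrypt, the salt and the round count set by `-a` in an unencrypted header before the private section, so a defender can audit a key's protection without knowing its passphrase. The following is an added example, not code from the thread or from OpenSSH: it parses that header, flags unencrypted or low-round keys, and includes `build_sample_key()`, a constructed stand-in with the real header layout but dummy key material (the 16-byte zero salt, the Ed25519 filler public key and the padding bytes are all made up) so the parser can be exercised offline. The minimum of 64 rounds in `assess()` is an assumed threshold, not one the thread states.

```python
import base64
import struct

AUTH_MAGIC = b"openssh-key-v1\x00"  # fixed prefix of the -o format


def _read_string(buf, offset):
    """Read one SSH wire 'string' (uint32 big-endian length + bytes)."""
    (length,) = struct.unpack(">I", buf[offset:offset + 4])
    start = offset + 4
    return buf[start:start + length], start + length


def _write_string(data):
    return struct.pack(">I", len(data)) + data


def parse_openssh_key_header(pem_text):
    """Return cipher, KDF and bcrypt rounds recorded in an openssh-key-v1 file.

    Only the cleartext header is read; the encrypted private section is never
    touched, so no passphrase is needed to audit the key."""
    body = "".join(
        line.strip() for line in pem_text.splitlines()
        if line.strip() and not line.startswith("-----")
    )
    blob = base64.b64decode(body)
    if not blob.startswith(AUTH_MAGIC):
        raise ValueError("not an openssh-key-v1 private key")
    off = len(AUTH_MAGIC)
    cipher, off = _read_string(blob, off)
    kdf, off = _read_string(blob, off)
    kdfopts, off = _read_string(blob, off)
    (nkeys,) = struct.unpack(">I", blob[off:off + 4])
    rounds, salt_len = 0, 0
    if kdf == b"bcrypt":
        # kdfoptions for bcrypt: string salt, uint32 rounds (the -a value)
        salt, o = _read_string(kdfopts, 0)
        (rounds,) = struct.unpack(">I", kdfopts[o:o + 4])
        salt_len = len(salt)
    return {"cipher": cipher.decode(), "kdf": kdf.decode(),
            "rounds": rounds, "salt_len": salt_len, "keys": nkeys}


def assess(info, min_rounds=64):
    """Classify a parsed header; min_rounds is an assumed policy threshold."""
    if info["kdf"] == "none" or info["cipher"] == "none":
        return "unencrypted: anyone who reads the file has the key"
    if info["kdf"] != "bcrypt":
        return "unknown KDF %r" % info["kdf"]
    if info["rounds"] < min_rounds:
        return "bcrypt rounds %d below minimum %d" % (info["rounds"], min_rounds)
    return "ok: bcrypt with %d rounds" % info["rounds"]


def build_sample_key(rounds, cipher=b"aes256-ctr"):
    """Constructed demo key: genuine header layout, dummy key material.

    rounds == 0 produces the header of a key saved without a passphrase."""
    if rounds > 0:
        kdf = b"bcrypt"
        kdfopts = _write_string(b"\x00" * 16) + struct.pack(">I", rounds)
    else:
        cipher, kdf, kdfopts = b"none", b"none", b""
    pubkey = _write_string(b"ssh-ed25519") + _write_string(b"\x11" * 32)
    blob = (AUTH_MAGIC + _write_string(cipher) + _write_string(kdf)
            + _write_string(kdfopts) + struct.pack(">I", 1)
            + _write_string(pubkey) + _write_string(b"\x00" * 64))  # filler
    b64 = base64.b64encode(blob).decode()
    lines = [b64[i:i + 70] for i in range(0, len(b64), 70)]
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + "\n".join(lines)
            + "\n-----END OPENSSH PRIVATE KEY-----\n")


if __name__ == "__main__":
    import sys
    # Usage: python audit_key.py ~/.ssh/id_ed25519 [more key files]
    for path in sys.argv[1:]:
        with open(path) as fh:
            info = parse_openssh_key_header(fh.read())
        print(path, info, assess(info))
    demo = parse_openssh_key_header(build_sample_key(100))
    print("constructed sample:", demo, assess(demo))
```

Run against a real `id_ed25519` saved with `ssh-keygen -o -a 100`, the `rounds` field comes back as 100; a key converted with `-p` but without `-o` still uses the old PEM container and is rejected by the magic check, which is itself the signal that it is not in the new format.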