Bug#905407: ssh-keygen: Use new OpenSSH key format by default

To: Luke W Faraone <lfaraone@debian.org>, 905407@bugs.debian.org
Subject: Bug#905407: ssh-keygen: Use new OpenSSH key format by default
From: Colin Watson <cjwatson@debian.org>
Date: Sat, 4 Aug 2018 13:23:17 +0100
Message-id: <[🔎] 20180804122317.ppgojuvumayvtdag@riva.ucam.org>
Reply-to: Colin Watson <cjwatson@debian.org>, 905407@bugs.debian.org
In-reply-to: <[🔎] 153336387909.8061.15661521207050680009.reportbug@zinc.sfba.luke.wf>
References: <[🔎] 153336387909.8061.15661521207050680009.reportbug@zinc.sfba.luke.wf> <[🔎] 153336387909.8061.15661521207050680009.reportbug@zinc.sfba.luke.wf>

On Sat, Aug 04, 2018 at 02:24:39PM +0800, Luke W Faraone wrote:
> The bcrypt KDF key format was released as part of OpenSSH 6.5 in 2014.
> It provides greater resistance against brute-force attacks on encrypted
> private keys, and is now widely compatible.
> 
> We should use it by default. I'm happy to work on a patch if it would be
> accepted.

I'm not opposed, but I can't answer whether it would be accepted,
because it needs to go upstream.  Could you raise this with upstream
directly?  Either https://bugzilla.mindrot.org/ or the openssh-unix-dev
list (https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev) would
be a good place.

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

Reply to:

References:
- Bug#905407: ssh-keygen: Use new OpenSSH key format by default
  - From: Luke W Faraone <lfaraone@debian.org>

Prev by Date: Bug#905407: ssh-keygen: Use new OpenSSH key format by default
Next by Date: Fix tunnel forwarding broken in 7.7p1
Previous by thread: Bug#905407: ssh-keygen: Use new OpenSSH key format by default
Next by thread: Bug#905407: marked as done (ssh-keygen: Use new OpenSSH key format by default)
Index(es):
- Date
- Thread