On Sat, Aug 04, 2018 at 02:24:39PM +0800, Luke W Faraone wrote: > The bcrypt KDF key format was released as part of OpenSSH 6.5 in 2014. > It provides greater resistance against brute-force attacks on encrypted > private keys, and is now widely compatible. > > We should use it by default. I'm happy to work on a patch if it would be > accepted.
I'm not opposed, but I can't answer whether it would be accepted, because it needs to go upstream. Could you raise this with upstream directly? Either https://bugzilla.mindrot.org/ or the openssh-unix-dev list (https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev) would be a good place. Thanks, -- Colin Watson [[email protected]]
