[ https://issues.apache.org/jira/browse/SSHD-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16718819#comment-16718819 ]

Thomas Wolf commented on SSHD-708:
----------------------------------

{quote}What I am trying to do is prevent some kind of "attack" by providing a 
malicious (or corrupted) value that would cause the code to "hang" by executing 
a very large number of round{quote}

OpenSSH doesn't limit this; any value in the range [1 .. INT_MAX] is allowed. 
IMO we shouldn't worry about unreasonably large values here; this is reading a 
_private_ key of a user. If the user created that key with 2**30 rounds, so be 
it. The code should just guard against rounds < 1.

Re attribution: of course it's a community effort. But with so many changes and 
the code I provided spread even over two commits, one authored by you and a 
second small one with my name on it, it isn't really worth the trouble. It's no 
big deal; just that I would have done this differently. (Merge the PR, maybe 
with just a little amend to remove the {{MessageFormat}}, then rebase my own 
work on top of that merge and continue from there on.) But as I said, no big 
deal.

> Add support for password encrypted OpenSSH private key files
> ------------------------------------------------------------
>
>                 Key: SSHD-708
>                 URL: https://issues.apache.org/jira/browse/SSHD-708
>             Project: MINA SSHD
>          Issue Type: Improvement
>    Affects Versions: 1.4.0
>            Reporter: Goldstein Lyor
>            Assignee: Goldstein Lyor
>            Priority: Minor
>             Fix For: 2.1.1
>
>
> The current code supports only reading un-encrypted private key files
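The round-count check discussed in the comment above, as an added example (not MINA SSHD code and not from the issue): it parses the kdfoptions field of an openssh-key-v1 header (string salt, uint32 rounds) and applies the same [1 .. INT_MAX] bound OpenSSH uses. The header builder and its sample bytes are constructed here for illustration and carry no real key material.

```python
import struct

MAGIC = b"openssh-key-v1\x00"
INT_MAX = 0x7FFFFFFF  # OpenSSH accepts bcrypt rounds in [1 .. INT_MAX]


def _read_string(buf: bytes, off: int):
    """Read one SSH 'string' (uint32 big-endian length + body); return (value, new_off)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n


def _put_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def parse_kdf_rounds(blob: bytes) -> int:
    """Return the validated bcrypt round count from an openssh-key-v1 header.

    Only the fields before the key payloads are parsed: magic, ciphername,
    kdfname and kdfoptions (for bcrypt: string salt, uint32 rounds).
    """
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 blob")
    off = len(MAGIC)
    _ciphername, off = _read_string(blob, off)
    kdfname, off = _read_string(blob, off)
    kdfoptions, off = _read_string(blob, off)
    if kdfname == b"none":
        return 0  # unencrypted key: no KDF, no rounds
    if kdfname != b"bcrypt":
        raise ValueError(f"unsupported kdf {kdfname!r}")
    _salt, o = _read_string(kdfoptions, 0)
    if o + 4 != len(kdfoptions):
        raise ValueError("kdfoptions length mismatch")
    (rounds,) = struct.unpack(">I", kdfoptions[o:o + 4])
    # A uint32 above INT_MAX read into a signed Java int wraps negative, so the
    # 'rounds < 1' guard from the comment rejects it too; the explicit upper bound
    # makes the OpenSSH range visible here as well.
    if rounds < 1 or rounds > INT_MAX:
        raise ValueError(f"bad bcrypt rounds {rounds}")
    return rounds


def make_header(kdfname: bytes, rounds: int, salt: bytes = b"\x01" * 16) -> bytes:
    """Constructed sample header (no real key material) for exercising the parser."""
    opts = _put_string(salt) + struct.pack(">I", rounds) if kdfname == b"bcrypt" else b""
    return MAGIC + _put_string(b"aes256-ctr") + _put_string(kdfname) + _put_string(opts)
```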



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)