On Sun, 26 May 2013, Florian Kirstein wrote: > Hi, > > On Sat, May 25, 2013 at 10:37:44AM -0500, Jonathan Brown wrote: > > Please also increase the iteration amount to be optionally user specified. > > This way you we can dramaticly slow down a potential brute force attack > > against a captured key. > > While using OpenSSL to increase the security of OpenSSH private keys > by adding PBKDF2 iterations to it, I also hit that issue - and built a > small patch for OpenSSL to be able to specify the number of rounds.
PBKDF2 with an inner hash of SHAanything is a losing game: offline crackers can run the hash much faster than the user can even without special hardware, e.g. using GPU parallelism. Even the special hardware is relatively cheap these days, with 1Thash/sec available for a few hundred dollars in the form of bitcoin mining hardware. Please consider allowing a choice of algorithms including bcrypt and/or scrypt as the KDF (I can send you our proposal for a bcrypt_kdf if you are interested). Is there any likelihood that OpenSSL are going to look at improving the private key KDF soon? If not then I'll make something OpenSSH- specific for private key storage. -d ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
