[Bug 1550] New: Move from 3DES to AES-256 for private key encryption

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Fri Jan 23 07:03:41 EST 2009


https://bugzilla.mindrot.org/show_bug.cgi?id=1550

           Summary: Move from 3DES to AES-256 for private key encryption
           Product: Portable OpenSSH
           Version: 5.1p1
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: patch
          Severity: enhancement
          Priority: P2
         Component: ssh-keygen
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: jmknoble at pobox.com


Created an attachment (id=1597)
 --> (http://bugzilla.mindrot.org/attachment.cgi?id=1597)
Patch from Damien Miller to enable AES-256 in ssh-keygen

Date: Tue, 20 Jan 2009 01:06:35 -0500
From: Jim Knoble <jmknoble at pobox.com>
To: OpenSSH Devel <openssh-unix-dev at mindrot.org>
Subject: OpenSSH private key encryption: time for AES?
Message-ID: <20090120060635.GA29074 at crawfish.ais.com>
Mail-Followup-To: OpenSSH Devel <openssh-unix-dev at mindrot.org>

Hi, all.

So, in reviewing my OpenSSH keypairs and evaluating the size my RSA
keys
should be, i realized that, if i update my 2048-bit keypairs to 4096
bits, it really doesn't matter that much, because they're still
only encrypted with 3DES, which provides an effective 112 bits of
symmetric encryption strength:

    $ head -4 ~/.ssh/id_rsa
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,XXXXXXXXXXXXXXXX

    $ 

According to NIST[1][2], a minimum of 112-bit symmetric / 2048-bit
asymmetric keystrength is recommended for protection up until about
2030.  For protection beyond 2030, or for the paranoid, larger keysizes
are recommended.  Other recommendations (e.g., those of ECRYPT) vary in
how long 112/2048-bit encryption should last.

With that in mind ... how can i encrypt my 4096-bit SSH RSA keypair
with
something like AES-128, AES-256, or Twofish instead of 3DES and still
use it with OpenSSH?  Can ssh-add read (unencrypted) key data from
stdin?

____________________
[1] http://csrc.nist.gov/groups/ST/toolkit/key_management.html
[2]
http://csrc.nist.gov/groups/ST/toolkit/documents/SP800-57Part1_3-8-07.pdf

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list