OpenSSH private key encryption: time for AES?

Jim Knoble jmknoble at pobox.com
Tue Jan 20 17:06:35 EST 2009


Hi, all.

So, in reviewing my OpenSSH keypairs and evaluating the size my RSA keys
should be, i realized that, if i update my 2048-bit keypairs to 4096
bits, it really doesn't matter that much, because they're still
only encrypted with 3DES, which provides an effective 112 bits of
symmetric encryption strength:

    $ head -4 ~/.ssh/id_rsa
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,XXXXXXXXXXXXXXXX

    $ 

According to NIST[1][2], a minimum of 112-bit symmetric / 2048-bit
asymmetric keystrength is recommended for protection up until about
2030.  For protection beyond 2030, or for the paranoid, larger keysizes
are recommended.  Other recommendations (e.g., those of ECRYPT) vary in
how long 112/2048-bit encryption should last.

With that in mind ... how can i encrypt my 4096-bit SSH RSA keypair with
something like AES-128, AES-256, or Twofish instead of 3DES and still
use it with OpenSSH?  Can ssh-add read (unencrypted) key data from stdin?

____________________
[1] http://csrc.nist.gov/groups/ST/toolkit/key_management.html
[2] http://csrc.nist.gov/groups/ST/toolkit/documents/SP800-57Part1_3-8-07.pdf

-- 
jim knoble  |  jmknoble at pobox.com  |  http://www.pobox.com/~jmknoble/
(GnuPG key ID: C6F31FFA  >>>>>>  http://www.pobox.com/~jmknoble/keys/ )
(GnuPG fingerprint: 99D8:1D89:8C66:08B5:5C34::5527:A543:8C33:C6F3:1FFA)
+----------------------------------------------------------------------+
|[L]iberty, as we all know, cannot flourish in a country that is perma-|
| nently on a war footing, or even a near-war footing.  --Aldous Huxley|
+----------------------------------------------------------------------+


More information about the openssh-unix-dev mailing list