Question about ssh-keygen -a rounds

raf ssh at raf.org
Wed Jul 15 11:51:44 AEST 2020


raf wrote:

> Hi,
> 
> man ssh-keygen says:
> 
>   -a rounds
>      When saving a private key, this option specifies
>      the number of KDF (key derivation function) rounds used.
>      Higher numbers result in slower passphrase verification
>      and increased resistance to brute-force password cracking
>      (should the keys be stolen).
> 
> What constitutes "Higher" here? Is 100 high or is 100000 high?
> 
> What's the default number of rounds in the absence of the -a option?
> Could the default value be added to the manpage?
> 
> cheers,
> raf

I've just checked the source, and the default is 16.
The algorithm is bcrypt. So 16 is probably perfect.
It would be nice for this information to be in the
manpage. Here's a potential patch.

cheers,
raf

--- ssh-keygen.1.orig   2020-07-15 11:42:34.000000000 +1000
+++ ssh-keygen.1        2020-07-15 11:48:28.000000000 +1000
@@ -270,6 +270,7 @@ When saving a private key, this option s
 (key derivation function) rounds used.
 Higher numbers result in slower passphrase verification and increased
 resistance to brute-force password cracking (should the keys be stolen).
+The KDF algorithm is bcrypt. The default number of rounds is 16.
 .It Fl B
 Show the bubblebabble digest of specified private or public key file.
 .It Fl b Ar bits
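Review bot: the new `+` line packs two sentences onto one line, while the surrounding mdoc text in this hunk starts each new sentence on its own line (".It Fl a" text: "(key derivation function) rounds used." then "Higher numbers result in..."); split it into `The KDF algorithm is bcrypt.` and `The default number of rounds is 16.` so it follows the one-sentence-per-line convention. It would also help the reader who asked "Is 100 high or is 100000 high?" to say explicitly that 16 is used when -a is not given, e.g. `The default number of rounds, used when this option is not given, is 16.`, so the relationship between the option and the default is stated rather than implied.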



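A way to check which KDF and how many rounds an existing private key file was actually saved with, as an added example (this is not OpenSSH's code and not part of raf's message): the `openssh-key-v1` private key format stores the cipher name, the KDF name and, for bcrypt, the salt and the round count from `-a` in the file header, so the value can be read back without the passphrase. The two key files below are constructed inline with dummy public-key and private-section payloads so the script runs offline; the parser only touches the header, and pointing it at a real file such as ~/.ssh/id_ed25519 reads that key's rounds.

```python
import base64
import struct
import sys

# --- constructed sample inputs (NOT real keys) -------------------------------
# Only the header fields matter here; the public key and private section are
# placeholder bytes, so these files cannot be loaded by ssh or ssh-keygen.

def _s(b: bytes) -> bytes:
    """Encode an SSH 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(b)) + b


def _build_key_file(cipher: bytes, kdf: bytes, kdfoptions: bytes) -> str:
    """Assemble a PEM-wrapped openssh-key-v1 blob with dummy key payloads."""
    blob = (b"openssh-key-v1\x00"
            + _s(cipher) + _s(kdf) + _s(kdfoptions)
            + struct.pack(">I", 1)             # number of keys in the file
            + _s(b"dummy-public-key")           # placeholder public key
            + _s(b"dummy-private-section"))     # placeholder (un)encrypted part
    b64 = base64.b64encode(blob).decode()
    body = "\n".join(b64[i:i + 70] for i in range(0, len(b64), 70))
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n"
            + body + "\n"
            + "-----END OPENSSH PRIVATE KEY-----\n")


SALT = bytes(range(16))  # constructed 16-byte salt (bcrypt kdfoptions field 1)
# Passphrase-protected key: bcrypt kdfoptions = string salt || uint32 rounds
ENCRYPTED_KEY = _build_key_file(b"aes256-ctr", b"bcrypt",
                                _s(SALT) + struct.pack(">I", 16))
# Unencrypted key: cipher and kdf are both "none", kdfoptions is empty
PLAIN_KEY = _build_key_file(b"none", b"none", b"")


# --- header parser -------------------------------------------------------------
class _Reader:
    """Cursor over a byte blob that reads uint32 and string fields."""

    def __init__(self, data: bytes) -> None:
        self.data = data
        self.pos = 0

    def u32(self) -> int:
        (value,) = struct.unpack_from(">I", self.data, self.pos)
        self.pos += 4
        return value

    def string(self) -> bytes:
        length = self.u32()
        chunk = self.data[self.pos:self.pos + length]
        if len(chunk) != length:
            raise ValueError("truncated string field")
        self.pos += length
        return chunk


def kdf_info(pem: str) -> dict:
    """Return cipher, KDF, salt (hex) and rounds recorded in an OpenSSH key file."""
    lines = pem.strip().splitlines()
    if (lines[0] != "-----BEGIN OPENSSH PRIVATE KEY-----"
            or lines[-1] != "-----END OPENSSH PRIVATE KEY-----"):
        raise ValueError("not an openssh-key-v1 private key file")
    blob = base64.b64decode("".join(lines[1:-1]))
    magic = b"openssh-key-v1\x00"
    if not blob.startswith(magic):
        raise ValueError("bad AUTH_MAGIC")
    r = _Reader(blob[len(magic):])
    cipher = r.string().decode()
    kdf = r.string().decode()
    kdfoptions = r.string()
    info = {"cipher": cipher, "kdf": kdf, "salt": None, "rounds": None}
    if kdf == "bcrypt":
        opts = _Reader(kdfoptions)
        info["salt"] = opts.string().hex()
        info["rounds"] = opts.u32()      # this is the value given with -a
    elif kdf != "none":
        raise ValueError(f"unknown kdf name {kdf!r}")
    return info


if __name__ == "__main__":
    # Usage: python3 this_script.py ~/.ssh/id_ed25519
    target = open(sys.argv[1]).read() if len(sys.argv) > 1 else ENCRYPTED_KEY
    print(kdf_info(target))
```

The rounds value is stored in the clear next to the salt, so anyone who obtains the file already knows how much work each passphrase guess costs; the only defence the field provides is the work itself, which is why the man page ties higher values to cracking resistance.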
More information about the openssh-unix-dev mailing list