Update openssh for PBKDF features
| Originator: | me | ||
| Number: | rdar://17262939 | Date Originated: | 2014-16-12 |
| Status: | Duplicate | Resolved: | 2015-07-06 |
| Product: | OS X | Product Version: | 10.10 |
| Classification: | Enhancement | Reproducible: | N/A |
Summary: openssh introduced a new private key format that allows for what is essentially PBKDF to better protect private keys from brute force attacks by making verification take as long as desired. A good summary: http://www.tedunangst.com/flak/post/new-openssh-key-format-and-bcrypt-pbkdf Steps to Reproduce: Here's what the too-old openssh does when you try to use the new feature: 1. Open Terminal.app 2. Input "ssh-keygen -b 4096 -f .ssh/key_test -o -a 200". the -a option specifies the number of rounds to slow potential attackers down. The article above suggests 1000 as taking 30 seconds on their hardware. Expected Results: openssh prompts me for a passphrase and a key is generated. Actual Results: "ssh-keygen: illegal option -- o" Version: OS X 10.10 14A238x
Comments
Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at bugreport.apple.com before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!