Currently no crypto library supports the OpenSSH-specific bcrypt KDF which is used with new passphrase-protected keys. Only ED25519 private keys default to it at this point, but the file format supports all existing key types (DSA, RSA and ECDSA).
There is more than one project that could benefit from that support. Any library/program that works with SSH keys needs to be able to decrypt and encrypt such keys (like libssh), and currently the solution has been to embed the needed code from OpenBSD or OpenSSH portable (bcrypt_pbkdf.c and blowfish.c).
We would like to move to only implementing things that have been standardized. bcrypt doesn't seem to fit that. RFC 8018 only mentions PBKDF1 and PBKDF2, recommending PBKDF2. They seem to have modified PBKDF2.
Would it be possible to get this into OpenSSL?
https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/bcrypt_pbkdf.c
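To show where the bcrypt KDF appears in the new key file format discussed above, the following added example (not code from this issue, OpenSSH or OpenSSL) reads the `openssh-key-v1` header as laid out in OpenSSH's PROTOCOL.key and reports the cipher, KDF name, salt and rounds. It does not implement `bcrypt_pbkdf` itself; the helper names and the sample containers are constructed for illustration, with placeholder bytes in place of key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # magic prefix of the new OpenSSH private key format

def _read_string(buf, off):
    """Read an SSH 'string': uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated string body")
    return buf[off:off + n], off + n

def kdf_info(pem_text):
    """Return cipher, KDF name and bcrypt parameters of an OpenSSH private key."""
    lines = pem_text.strip().splitlines()
    blob = base64.b64decode("".join(l for l in lines if not l.startswith("-----")))
    if not blob.startswith(MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    opts, off = _read_string(blob, off)
    info = {"cipher": cipher.decode(), "kdf": kdf.decode(), "salt": None, "rounds": None}
    if kdf == b"bcrypt":
        # kdfoptions for bcrypt: string salt, uint32 rounds
        salt, end = _read_string(opts, 0)
        if end + 4 != len(opts):
            raise ValueError("malformed bcrypt kdfoptions")
        info["salt"], info["rounds"] = salt, struct.unpack_from(">I", opts, end)[0]
    elif kdf != b"none" or opts:
        raise ValueError("unexpected kdf name or options")
    return info

def _s(b):
    return struct.pack(">I", len(b)) + b

def make_sample(cipher, kdf, opts):
    """Constructed header-only sample; the key blobs are placeholders, not real keys."""
    blob = (MAGIC + _s(cipher) + _s(kdf) + _s(opts)
            + struct.pack(">I", 1) + _s(b"PUB") + _s(b"PRIV"))
    b64 = base64.b64encode(blob).decode()
    return "-----BEGIN OPENSSH PRIVATE KEY-----\n" + b64 + "\n-----END OPENSSH PRIVATE KEY-----\n"

# Constructed samples: one passphrase-protected header, one unprotected header.
ENCRYPTED = make_sample(b"aes256-ctr", b"bcrypt", _s(bytes(range(16))) + struct.pack(">I", 16))
PLAIN = make_sample(b"none", b"none", b"")

if __name__ == "__main__":
    print(kdf_info(ENCRYPTED), kdf_info(PLAIN))
```

A key whose header reports `kdf` as `none` is stored without passphrase protection, which makes this header check usable for auditing key files without attempting decryption.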