Add support for bcrypt KDF #5323

Closed
hifi opened this issue Feb 11, 2018 · 3 comments

@hifi

hifi commented Feb 11, 2018

Currently no crypto library supports the OpenSSH-specific bcrypt KDF, which is used with new passphrase-protected keys. Only ED25519 private keys default to it at this point, but the file format supports all existing key types (DSA, RSA and ECDSA).

There is more than one project that could benefit from that support. Any library/program that works with SSH keys needs to be able to decrypt and encrypt such keys (like libssh), and currently the solution has been to embed the needed code from OpenBSD or OpenSSH portable (bcrypt_pbkdf.c and blowfish.c).

Would it be possible to get this into OpenSSL?

https://github.com/openssh/openssh-portable/blob/master/openbsd-compat/bcrypt_pbkdf.c

@kroeckx
Member

kroeckx commented Feb 11, 2018

We would like to move to only implementing things that have been standardized. bcrypt doesn't seem to fit that. RFC 8018 only mentions PBKDF1 and PBKDF2, recommending PBKDF2. They seem to have modified PBKDF2.

@hifi
Author

hifi commented Feb 11, 2018

That is correct, their implementation is a modified one. If it's a dead end, please close this as WONTFIX for future generations to find this. Thanks.

@richsalz
Contributor

Okay, closing. Thanks for checking into it!
