From: djm@openbsd.org <djm@openbsd.org>
Date: Thu, 27 Jul 2023 22:23:05 +0000 (+0000)
Subject: upstream: increase default KDF work-factor for OpenSSH format
X-Git-Tag: V_9_4_P1~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=999a2886ca1844a7a74b905e5f2c8c701f9838cd;p=thirdparty%2Fopenssh-portable.git

upstream: increase default KDF work-factor for OpenSSH format

private keys from 16 to 24; { feedback ok } x { deraadt markus }

OpenBSD-Commit-ID: a3afb1383f8ff0a49613d449f02395d9e8d4a9ec
---

diff --git a/sshkey.c b/sshkey.c
index 498922093..727728536 100644
--- a/sshkey.c
+++ b/sshkey.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshkey.c,v 1.136 2023/06/21 05:10:26 djm Exp $ */
+/* $OpenBSD: sshkey.c,v 1.137 2023/07/27 22:23:05 djm Exp $ */
 /*
  * Copyright (c) 2000, 2001 Markus Friedl.  All rights reserved.
  * Copyright (c) 2008 Alexander von Gernler.  All rights reserved.
@@ -75,7 +75,7 @@
 #define AUTH_MAGIC		"openssh-key-v1"
 #define SALT_LEN		16
 #define DEFAULT_CIPHERNAME	"aes256-ctr"
-#define	DEFAULT_ROUNDS		16
+#define	DEFAULT_ROUNDS		24
 
 /* Version identification string for SSH v1 identity files. */
 #define LEGACY_BEGIN		"SSH PRIVATE KEY FILE FORMAT 1.1\n"