On Tue, 20 Jan 2009, Jim Knoble wrote:
> Hi, all.
>
> So, in reviewing my OpenSSH keypairs and evaluating the size my RSA keys
> should be, i realized that, if i update my 2048-bit keypairs to 4096
> bits, it really doesn't matter that much, because they're still
> only encrypted with 3DES, which provides an effective 112 bits of
> symmetric encryption strength:
>
> $ head -4 ~/.ssh/id_rsa
> -----BEGIN RSA PRIVATE KEY-----
> Proc-Type: 4,ENCRYPTED
> DEK-Info: DES-EDE3-CBC,XXXXXXXXXXXXXXXX
>
> $
>
> According to NIST[1][2], a minimum of 112-bit symmetric / 2048-bit
> asymmetric keystrength is recommended for protection up until about
> 2030. For protection beyond 2030, or for the paranoid, larger keysizes
> are recommended. Other recommendations (e.g., those of ECRYPT) vary in
> how long 112/2048-bit encryption should last.
>
> With that in mind ... how can i encrypt my 4096-bit SSH RSA keypair with
> something like AES-128, AES-256, or Twofish instead of 3DES and still
> use it with OpenSSH? Can ssh-add read (unencrypted) key data from stdin?
If you want to change it then you can do something like this. It
probably wouldn't hurt to change - new installations will still be able
to read old keys
Index: authfile.c
==================================================================RCS file:
/cvs/src/usr.bin/ssh/authfile.c,v
retrieving revision 1.76
diff -u -p -r1.76 authfile.c
--- authfile.c 3 Aug 2006 03:34:41 -0000 1.76
+++ authfile.c 20 Jan 2009 07:22:48 -0000
@@ -182,7 +182,7 @@ key_save_private_pem(Key *key, const cha
int success = 0;
int len = strlen(_passphrase);
u_char *passphrase = (len > 0) ? (u_char *)_passphrase : NULL;
- const EVP_CIPHER *cipher = (len > 0) ? EVP_des_ede3_cbc() : NULL;
+ const EVP_CIPHER *cipher = (len > 0) ? EVP_aes_256_cbc() : NULL;
if (len > 0 && len <= 4) {
error("passphrase too short: have %d bytes, need > 4", len);