

New openssh key format and bcrypt pbkdf - beagle3
http://www.tedunangst.com/flak/post/new-openssh-key-format-and-bcrypt-pbkdf

======
zaroth
Good to see this step in the right direction.

The private key should be encrypted such that the only way to know if you
guessed the right password is to try to log in. Some formats, like PuTTY
ppk, add an unencrypted checksum in the file, which allows a local check to see
if decryption was successful. Way to make offline attacks easy! You'll see a
line like:

    "Private-MAC: A1B2..."

For example, instead of PKCS#1
([http://tools.ietf.org/html/rfc3447#page-7](http://tools.ietf.org/html/rfc3447#page-7))
just store the encrypted private exponent (an integer) with nothing else. Do
not store 'n' (RSA modulus) within the ciphertext. Do not keep the public key
file on the same server.

