> From: owner-openssl-us...@openssl.org On Behalf Of Gregory Sloop
> Sent: Monday, September 15, 2014 17:14

> I've gone back and re-encrypted the private keys [thanks Dave, again!] 
> and this is the result from an asn1parse <snipped>
> Is that the new format? [It looks like it, but I'm such a "babe in the
> woods," I'd never know either way with any degree of certainty!]

Yes, that's PKCS#8 version 2. Note that the header line in PEM is 
dash-BEGIN ENCRYPTED PRIVATE KEY, *not* specifying a specific 
algorithm like RSA PRIVATE KEY, EC PRIVATE KEY, etc. That's how 
software knows it's PKCS#8 and not legacy. Output from commandline 
'pkcs8', either v1 or v2, uses many iterations, unless you use '-noiter'. 
The noticeable difference is v2 offers a better choice of cipher algorithms.

An application calling OpenSSL *library* has more options. 

> One other related question: I assume more PBKDF key rounds increases
> the computational difficulty of checking if some password works against the file.
> [It's a trivial cost in general terms for a single or a few operations, but becomes a
> greater and greater burden with an increasing number of tries.

Exactly. The goal is you make it "much too long" for an attacker to try lots and lots of
passwords looking for the right one, while a legitimate user on a legitimate system
takes only a "little" longer. Exactly what is "much" and "little" is a judgement call;
OpenSSL commandline's choice of 2048 (below) is not perfect, but better than 1.

> (Yes, I know it doesn't *increase* in difficulty for more tries, it's the same computational
> expense - but increasing a particular key "try time/computational cost" by, say 0.3s is
> probably no big deal unless you need to do a few billion a second.)
> Do I have that conceptually right?

That reads as inconsistent to me: "it doesn't increase" but "increasing [happens]"?
But I think you have the idea. A delay of say 0.3s is tolerable for the legitimate user,
but 1 billion times 0.3s versus 1 billion times 0.000001s slows down the attacker.

> I read that the number of iterations is 2048.
> It appears current versions of the openssl tool now have an option to change
> "-iter XXX" where XXX is some number of iterations. [It's in the web/online manpage,
> but not in my Ubuntu 14.04 openssl pkcs8 manpage...]
> What version introduced the option to set the number of iterations?
> [I'm on 1.0.1f - which I thought should have it.]
> I'm trying to do it like this: openssl pkcs8 -topk8 -iter 10000 -v2 aes-256-cbc <snip>
> [And yes, I also understand the risks of specifying the password on the command line.]

Yes, commandline uses the library default which is 2048, in all releases to date.
I think the website may come from the repository, suggesting an -iter option
(which would be useful) will be in a future release. Or you can get the source,
make a small edit, and build and use that. (iter is already a variable, it's just a
variable with two values, 1 or 2048, so it's easy to add other values.) Or you can
write a (simple) program rather than use commandline.

<snip earlier>


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
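
The two checks discussed in this message (the PEM header line marks PKCS#8 rather than legacy format, and a PKCS#8 v2 file carries its PBKDF2 iteration count in the structure that asn1parse prints) can be automated. This is an added example, not code from the original message or from OpenSSL; the function names are hypothetical and the sample key is constructed with zeroed salt, IV and ciphertext.

```python
import base64

OID_PBES2 = bytes.fromhex("2a864886f70d01050d")       # 1.2.840.113549.1.5.13
OID_PBKDF2 = bytes.fromhex("2a864886f70d01050c")      # 1.2.840.113549.1.5.12
OID_AES256_CBC = bytes.fromhex("60864801650304012a")  # 2.16.840.1.101.3.4.1.42

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # yield the value bytes of each member of a SEQUENCE
    pos = 0
    while pos < len(value):
        _, val, pos = read_tlv(value, pos)
        yield val

def inspect_key(pem):
    """Report the container format and, for PKCS#8 v2 (PBES2), the PBKDF2 iteration count."""
    lines = pem.strip().splitlines()
    label = lines[0].strip("-").replace("BEGIN ", "", 1)
    info = {"label": label, "pkcs8_encrypted": label == "ENCRYPTED PRIVATE KEY"}
    if not info["pkcs8_encrypted"]:
        return info  # legacy (e.g. RSA PRIVATE KEY) or unencrypted PRIVATE KEY
    der = base64.b64decode("".join(lines[1:-1]))
    scheme_oid, params = children(next(children(read_tlv(der)[1])))
    info["pbes2"] = scheme_oid == OID_PBES2  # False means PKCS#8 v1 (PBES1)
    if info["pbes2"]:
        kdf, enc = children(params)
        kdf_oid, kdf_params = children(kdf)
        if kdf_oid != OID_PBKDF2:
            raise ValueError("key derivation function is not PBKDF2")
        info["iterations"] = int.from_bytes(list(children(kdf_params))[1], "big")
        info["cipher_oid"] = next(children(enc)).hex()
    return info

def tlv(tag, body):
    return bytes([tag, len(body)]) + body  # short-form lengths only (sample < 128 bytes)

def sample_pem(iterations):  # constructed sample (256 <= iterations <= 32767), not a real key
    kdf = tlv(0x30, tlv(6, OID_PBKDF2) + tlv(0x30, tlv(4, bytes(8)) + tlv(2, iterations.to_bytes(2, "big"))))
    alg = tlv(0x30, tlv(6, OID_PBES2) + tlv(0x30, kdf + tlv(0x30, tlv(6, OID_AES256_CBC) + tlv(4, bytes(16)))))
    body = base64.b64encode(tlv(0x30, alg + tlv(4, bytes(16)))).decode()
    return f"-----BEGIN ENCRYPTED PRIVATE KEY-----\n{body}\n-----END ENCRYPTED PRIVATE KEY-----\n"
```

Calling `inspect_key()` on the text of a real PEM file returns the same dictionary, so a batch of key files can be audited for legacy format or a low iteration count without supplying any password.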
