- dtucker@cvs.openbsd.org 2009/10/24 00:48:34

[ssh-keygen.1] ssh-keygen now uses AES-128 for private keys
author: Darren Tucker <dtucker@zip.com.au> 2009-10-24 11:50:17 +1100
committer: Darren Tucker <dtucker@zip.com.au> 2009-10-24 11:50:17 +1100
commit: 199ee6ff0727cd339c246b6b859a0ded14b366a4 (patch)
tree: 8ecc61f232fcf1ec6aa7bdeb139845b780941c2d
parent: 2f29a8caba867a2b0c32772de705657de726dcca (diff)
2 files changed, 8 insertions, 5 deletions
diff --git a/ChangeLog b/ChangeLog
index 53dcc62fd..449aeed31 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -24,6 +24,9 @@
     [sshconnect2.c]
     disallow a hostile server from checking jpake auth by sending an
     out-of-sequence success message. (doesn't affect code enabled by default)
+   - dtucker@cvs.openbsd.org 2009/10/24 00:48:34
+     [ssh-keygen.1]
+     ssh-keygen now uses AES-128 for private keys
 20091011
 - (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 3596cc174..9e59c16f7 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
-.\"     $OpenBSD: ssh-keygen.1,v 1.79 2008/07/24 23:55:30 sthen Exp $
+.\"     $OpenBSD: ssh-keygen.1,v 1.80 2009/10/24 00:48:34 dtucker Exp $
 .\"
 .\"  -*- nroff -*-
 .\"
@@ -37,7 +37,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.Dd $Mdocdate: July 24 2008 $
+.Dd $Mdocdate: October 24 2009 $
 .Dt SSH-KEYGEN 1
 .Os
 .Sh NAME
@@ -393,7 +393,7 @@ Contains the protocol version 1 RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 3DES.
+used to encrypt the private part of this file using 128-bit AES.
 This file is not automatically accessed by
 .Nm
 but it is offered as the default file for the private key.
@@ -411,7 +411,7 @@ Contains the protocol version 2 DSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 3DES.
+used to encrypt the private part of this file using 128-bit AES.
 This file is not automatically accessed by
 .Nm
 but it is offered as the default file for the private key.
@@ -429,7 +429,7 @@ Contains the protocol version 2 RSA authentication identity of the user.
 This file should not be readable by anyone but the user.
 It is possible to
 specify a passphrase when generating the key; that passphrase will be
-used to encrypt the private part of this file using 3DES.
+used to encrypt the private part of this file using 128-bit AES.
 This file is not automatically accessed by
 .Nm
 but it is offered as the default file for the private key.
author	Darren Tucker <dtucker@zip.com.au>	2009-10-24 11:50:17 +1100
committer	Darren Tucker <dtucker@zip.com.au>	2009-10-24 11:50:17 +1100
commit	199ee6ff0727cd339c246b6b859a0ded14b366a4 (patch)
tree	8ecc61f232fcf1ec6aa7bdeb139845b780941c2d
parent	2f29a8caba867a2b0c32772de705657de726dcca (diff)

diff --git a/ChangeLog b/ChangeLog index 53dcc62fd..449aeed31 100644 --- a/ChangeLog +++ b/ChangeLog
@@ -24,6 +24,9 @@
24	[sshconnect2.c]	24	[sshconnect2.c]
25	disallow a hostile server from checking jpake auth by sending an	25	disallow a hostile server from checking jpake auth by sending an
26	out-of-sequence success message. (doesn't affect code enabled by default)	26	out-of-sequence success message. (doesn't affect code enabled by default)
		27	- dtucker@cvs.openbsd.org 2009/10/24 00:48:34
		28	[ssh-keygen.1]
		29	ssh-keygen now uses AES-128 for private keys
27		30
28	20091011	31	20091011
29	- (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for	32	- (dtucker) [configure.ac sftp-client.c] Remove the gyrations required for


diff --git a/ssh-keygen.1 b/ssh-keygen.1 index 3596cc174..9e59c16f7 100644 --- a/ssh-keygen.1 +++ b/ssh-keygen.1
@@ -1,4 +1,4 @@
1	.\" $OpenBSD: ssh-keygen.1,v 1.79 2008/07/24 23:55:30 sthen Exp $	1	.\" $OpenBSD: ssh-keygen.1,v 1.80 2009/10/24 00:48:34 dtucker Exp $
2	.\"	2	.\"
3	.\" -- nroff --	3	.\" -- nroff --
4	.\"	4	.\"
@@ -37,7 +37,7 @@
37	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	37	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
38	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	38	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
39	.\"	39	.\"
40	.Dd $Mdocdate: July 24 2008 $	40	.Dd $Mdocdate: October 24 2009 $
41	.Dt SSH-KEYGEN 1	41	.Dt SSH-KEYGEN 1
42	.Os	42	.Os
43	.Sh NAME	43	.Sh NAME
@@ -393,7 +393,7 @@ Contains the protocol version 1 RSA authentication identity of the user.
393	This file should not be readable by anyone but the user.	393	This file should not be readable by anyone but the user.
394	It is possible to	394	It is possible to
395	specify a passphrase when generating the key; that passphrase will be	395	specify a passphrase when generating the key; that passphrase will be
396	used to encrypt the private part of this file using 3DES.	396	used to encrypt the private part of this file using 128-bit AES.
397	This file is not automatically accessed by	397	This file is not automatically accessed by
398	.Nm	398	.Nm
399	but it is offered as the default file for the private key.	399	but it is offered as the default file for the private key.
@@ -411,7 +411,7 @@ Contains the protocol version 2 DSA authentication identity of the user.
411	This file should not be readable by anyone but the user.	411	This file should not be readable by anyone but the user.
412	It is possible to	412	It is possible to
413	specify a passphrase when generating the key; that passphrase will be	413	specify a passphrase when generating the key; that passphrase will be
414	used to encrypt the private part of this file using 3DES.	414	used to encrypt the private part of this file using 128-bit AES.
415	This file is not automatically accessed by	415	This file is not automatically accessed by
416	.Nm	416	.Nm
417	but it is offered as the default file for the private key.	417	but it is offered as the default file for the private key.
@@ -429,7 +429,7 @@ Contains the protocol version 2 RSA authentication identity of the user.
429	This file should not be readable by anyone but the user.	429	This file should not be readable by anyone but the user.
430	It is possible to	430	It is possible to
431	specify a passphrase when generating the key; that passphrase will be	431	specify a passphrase when generating the key; that passphrase will be
432	used to encrypt the private part of this file using 3DES.	432	used to encrypt the private part of this file using 128-bit AES.
433	This file is not automatically accessed by	433	This file is not automatically accessed by
434	.Nm	434	.Nm
435	but it is offered as the default file for the private key.	435	but it is offered as the default file for the private key.