[ https://issues.apache.org/jira/browse/SSHD-708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16718819#comment-16718819 ]
Thomas Wolf commented on SSHD-708:
----------------------------------

{quote}What I am trying to do is prevent some kind of "attack" by providing a malicious (or corrupted) value that would cause the code to "hang" by executing a very large number of rounds{quote}

OpenSSH doesn't limit this; any value in the range [1 .. INT_MAX] is allowed. IMO we shouldn't worry about unreasonably large values here; this is reading a _private_ key of a user. If the user created that key with 2**30 rounds, so be it. The code should just guard against rounds < 1.

Re attribution: of course it's a community effort. But with so many changes and the code I provided spread even over two commits, one authored by you and a second small one with my name on it, it isn't really worth the trouble. It's no big deal; just that I would have done this differently. (Merge the PR, maybe with just a little amend to remove the {{MessageFormat}}, then rebase my own work on top of that merge and continue from there on.) But as I said, no big deal.

> Add support for password encrypted OpenSSH private key files
> ------------------------------------------------------------
>
> Key: SSHD-708
> URL: https://issues.apache.org/jira/browse/SSHD-708
> Project: MINA SSHD
> Issue Type: Improvement
> Affects Versions: 1.4.0
> Reporter: Goldstein Lyor
> Assignee: Goldstein Lyor
> Priority: Minor
> Fix For: 2.1.1
>
>
> The current code supports only reading un-encrypted private key files

--
This message was sent by Atlassian JIRA (v7.6.3#76005)
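
The guard discussed in the comment above, as an added example (not code from MINA SSHD or from the commenter). The class and method names are hypothetical, and the bcrypt `kdfoptions` layout (`string salt, uint32 rounds`) is assumed from OpenSSH's PROTOCOL.key; it needs Java 16+ for the record.

```java
import java.nio.BufferUnderflowException;
import java.nio.ByteBuffer;
import java.security.GeneralSecurityException;

// Added example: class and method names are hypothetical, not MINA SSHD API.
public class BcryptKdfOptionsCheck {
    /** Salt and round count decoded from the kdfoptions blob. */
    record KdfOptions(byte[] salt, int rounds) {}

    // Assumed layout (OpenSSH PROTOCOL.key, kdfname "bcrypt"): string salt, uint32 rounds.
    static KdfOptions parse(byte[] kdfOptions) throws GeneralSecurityException {
        ByteBuffer buf = ByteBuffer.wrap(kdfOptions); // big-endian by default
        try {
            int saltLen = buf.getInt();
            if (saltLen < 0 || saltLen > buf.remaining() - Integer.BYTES) {
                throw new GeneralSecurityException("Bad salt length: " + saltLen);
            }
            byte[] salt = new byte[saltLen];
            buf.get(salt);
            // A uint32 above INT_MAX reads as a negative int, so this single
            // check rejects 0 and everything outside [1 .. INT_MAX].
            int rounds = buf.getInt();
            if (rounds < 1) {
                throw new GeneralSecurityException(
                        "Bad bcrypt rounds: " + Integer.toUnsignedString(rounds));
            }
            return new KdfOptions(salt, rounds);
        } catch (BufferUnderflowException e) {
            throw new GeneralSecurityException("Truncated kdfoptions", e);
        }
    }

    // Builds a constructed kdfoptions blob for the demonstration below.
    static byte[] encode(byte[] salt, int rounds) {
        return ByteBuffer.allocate(2 * Integer.BYTES + salt.length)
                .putInt(salt.length).put(salt).putInt(rounds).array();
    }

    public static void main(String[] args) {
        byte[] salt = new byte[16]; // constructed sample salt (all zeros)
        int[] samples = {16, 1 << 30, 0, 0x80000000}; // constructed round counts
        for (int r : samples) {
            try {
                System.out.println("accepted rounds=" + parse(encode(salt, r)).rounds());
            } catch (GeneralSecurityException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```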