https://bugzilla.mindrot.org/show_bug.cgi?id=3975
Bug ID: 3975
Summary: ssh-keygen.1 documents the -a KDF rounds default as
16, but sshkey.c defines DEFAULT_ROUNDS as 24
Product: Portable OpenSSH
Version: 10.4p1
Hardware: Other
OS: Linux
Status: NEW
Severity: trivial
Priority: P5
Component: ssh-keygen
Assignee: [email protected]
Reporter: [email protected]
Version:
OpenSSH portable 10.4p1 (on Debian, source via `apt source
openssh-client`).
openssh-portable master also shows DEFAULT_ROUNDS 24 as of 2026-07-06:
https://github.com/openssh/openssh-portable/blob/c10e04980300eab089f71aaada8b28fd878ee729/ssh-keygen.1#L292
https://github.com/openssh/openssh-portable/blob/c10e04980300eab089f71aaada8b28fd878ee729/sshkey.c#L75
Description:
ssh-keygen.1 states that the -a default is 16 rounds, but sshkey.c
defines
DEFAULT_ROUNDS as 24.
Both facts below come from the same 10.4p1 source tree. I wrote a small
script:
```bash
#!/bin/bash
set -euo pipefail
tmpdir=$(mktemp -d)
cleanup() { rm -rf "$tmpdir"; }
trap cleanup EXIT
cd "$tmpdir"
apt source openssh-client
cd openssh-*/
grep -nHE 'default is [0-9]+ rounds' ssh-keygen.1
grep -nHE '^#define\s+DEFAULT_ROUNDS\s+[0-9]+' *.c
```
Output on Debian:
```text
ssh-keygen.1:288:The default is 16 rounds.
sshkey.c:75:#define DEFAULT_ROUNDS 24
```
So a key generated with a passphrase and no explicit -a is encrypted
at 24 rounds (sshkey_private_to_blob2 substitutes DEFAULT_ROUNDS when
the
caller passes none), while ssh-keygen.1 tells the user it is 16.
Proposed fix:
Update "The default is 16 rounds." in ssh-keygen.1 to 24.
Proposed diff (against openssh-portable master):
```diff
diff --git a/ssh-keygen.1 b/ssh-keygen.1
index 33f78fe39..23c87bc86 100644
--- a/ssh-keygen.1
+++ b/ssh-keygen.1
@@ -289,7 +289,7 @@ When saving a private key, this option specifies
the number of KDF
rounds used.
Higher numbers result in slower passphrase verification and increased
resistance to brute-force password cracking (should the keys be
stolen).
-The default is 16 rounds.
+The default is 24 rounds.
.It Fl B
Show the bubblebabble digest of specified private or public key file.
.It Fl b Ar bits
```
--
You are receiving this mail because:
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
[email protected]
https://lists.mindrot.org/mailman/listinfo/openssh-bugs