
Investigate using BouncyCastle for bcrypt

Open Rob-Hague opened this issue 5 months ago • 0 comments

We support encrypted OpenSSH keys (defined at https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key) for which we have a bcrypt implementation (from somewhere) for the key derivation (kdf).

Now that we depend on BouncyCastle and have replaced a lot of internal crypto with a BouncyCastle implementation, we may also be able to use https://github.com/bcgit/bc-csharp/blob/master/crypto/src/crypto/generators/BCrypt.cs

As far as I can tell, the OpenSSH kdf does a little bit on top of straight bcrypt, probably encapsulated here:

https://github.com/sshnet/SSH.NET/blob/fe827a529a002b679fa29d146029244340e21d3f/src/Renci.SshNet/Security/Cryptography/Bcrypt.cs#L853

It may be possible to replace all or some of our Bcrypt.cs with BouncyCastle.

Rob-Hague Sep 01 '24 10:09
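For reference, the inputs the kdf discussed in this issue receives come from the key file header laid out in PROTOCOL.key (magic, `ciphername`, `kdfname`, `kdfoptions`, and for bcrypt a salt plus a round count). The following is an added example, not code from SSH.NET, BouncyCastle or OpenSSH; the function names are hypothetical and the sample keys are constructed with placeholder key blobs.

```python
import base64
import struct

AUTH_MAGIC = b"openssh-key-v1\x00"  # NUL-terminated magic from PROTOCOL.key
PEM_BEGIN = "-----BEGIN OPENSSH PRIVATE KEY-----"
PEM_END = "-----END OPENSSH PRIVATE KEY-----"

def read_u32(buf, off):
    if off + 4 > len(buf):
        raise ValueError("truncated uint32")
    return struct.unpack_from(">I", buf, off)[0], off + 4

def read_string(buf, off):
    n, off = read_u32(buf, off)
    if off + n > len(buf):
        raise ValueError("string length exceeds buffer")
    return buf[off:off + n], off + n

def parse_kdf_header(pem_text):
    """Return the cipher and KDF parameters of an openssh-key-v1 file."""
    lines = pem_text.strip().splitlines()
    if len(lines) < 3 or lines[0] != PEM_BEGIN or lines[-1] != PEM_END:
        raise ValueError("not an OPENSSH PRIVATE KEY block")
    blob = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not blob.startswith(AUTH_MAGIC):
        raise ValueError("bad magic")
    cipher, off = read_string(blob, len(AUTH_MAGIC))
    kdf, off = read_string(blob, off)
    kdfopts, off = read_string(blob, off)
    nkeys, off = read_u32(blob, off)
    info = {"ciphername": cipher.decode("ascii"), "kdfname": kdf.decode("ascii"),
            "nkeys": nkeys, "salt": None, "rounds": None}
    if info["kdfname"] == "bcrypt":
        # kdfoptions for bcrypt is itself a blob: string salt, uint32 rounds
        info["salt"], off2 = read_string(kdfopts, 0)
        info["rounds"], _ = read_u32(kdfopts, off2)
    elif info["kdfname"] != "none" or kdfopts:
        raise ValueError("unexpected KDF name or options")
    return info

def ssh_string(b):  # SSH wire "string": uint32 big-endian length, then bytes
    return struct.pack(">I", len(b)) + b

def make_sample(cipher, kdf, kdfopts):
    """Constructed sample: real header layout, placeholder key blobs."""
    blob = (AUTH_MAGIC + ssh_string(cipher) + ssh_string(kdf) + ssh_string(kdfopts)
            + struct.pack(">I", 1) + ssh_string(b"pub") + ssh_string(b"priv"))
    b64 = base64.b64encode(blob).decode()
    return "\n".join([PEM_BEGIN, *(b64[i:i + 70] for i in range(0, len(b64), 70)), PEM_END])
```

The parser rejects length fields that run past the buffer, so a truncated or corrupted `kdfoptions` fails before any value reaches the key derivation.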