Keep number of rounds when changing passphrase or comment in private key file

Hi,

In ssh-keygen, if I set the number of rounds to a non-default value
using the -a option and then change the passphrase or the comment:

$ ssh-keygen -t ed25519 -Pfoobar -a 100 -f test
$ ssh-keygen -c -C "foobar comment" -Pfoobar -f test

The number of rounds is reset to the default value.

I find this annoying because if I set the number of rounds to a given
high number for security, I don't want it to be reduced behind my back
when I change the passphrase or the comment.


So, I have created patches to change this and make sure the number of
rounds is preserved if it is not forced when changing the comment or
passphrase.

I will send them in the following emails. They are based on the
portable git (https://anongit.mindrot.org/openssh.git).

I'm open to your comments (in particular, I'm not pleased with the name
of the struct sshkey_vault). Also, I'm wondering if the comment itself
shouldn't be moved to this structure.

Also, I'm considering adding more fields to this structure, like the salt
and cipher, in order to add a feature that displays the information about
the keyfile (type, cipher type, key derivation type, number of rounds,
comment...)

Thank you

Best regards

Loïc
