upstream: Specify that the KDF function is bcrypt. Based on github

PR#214 from rafork, ok markus@, mdoc correction jmc@

OpenBSD-Commit-ID: d8f2853e7edbcd483f31b50da77ab80ffa18b4ef
This commit is contained in:
dtucker@openbsd.org 2020-11-17 11:23:58 +00:00 committed by Darren Tucker
parent 5b9720f9ad
commit 85cceda21f
1 changed files with 5 additions and 3 deletions

View File

@ -1,4 +1,4 @@
.\" $OpenBSD: ssh-keygen.1,v 1.210 2020/10/26 00:39:04 dtucker Exp $
.\" $OpenBSD: ssh-keygen.1,v 1.211 2020/11/17 11:23:58 dtucker Exp $
.\"
.\" Author: Tatu Ylonen <ylo@cs.hut.fi>
.\" Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -35,7 +35,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: October 26 2020 $
.Dd $Mdocdate: November 17 2020 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@ -274,7 +274,9 @@ This is used by
to generate new host keys.
.It Fl a Ar rounds
When saving a private key, this option specifies the number of KDF
(key derivation function) rounds used.
(key derivation function, currently
.Xr bcrypt_pbkdf 3 )
rounds used.
Higher numbers result in slower passphrase verification and increased
resistance to brute-force password cracking (should the keys be stolen).
The default is 16 rounds.