2013-07-21

I configured my server to encrypt user passwords using 500,000 rounds of SHA-512.

The question is, how does the standard AES-128-CBC encrypted SSH private key stack up to that, provided the same (or similar length) password/passphrase is used? This must be a human-typeable passphrase, of course, and the lack of entropy in this is (hopefully) the weakest link here. My understanding is that key-strengthening will extend the effort required to brute-force the passphrase, no matter how weak the passphrase is.

It's clear to me that since the public key is public, and can be used to verify the private key, the security of that private key will depend on the passphrase (the length of the RSA key will not factor into how easy it is to reveal it). I imagine that check would be quite fast, so I would ideally want to increase the number of rounds and use stronger cipher suites so that the process of brute-forcing the passphrase is slowed down.

How much extra security on the passphrase can be gained by using PKCS#8 for a SSH private key?

I'm also wondering about ways to potentially improve upon this. Is there a way to make this encryption use even more rounds than the default (and still be accepted by ssh)? Also, are there even stronger suites that can be used? I'm dealing with CentOS 6.4 here for now (since I like kickstart scripts), so it's probably a good idea not to be messing with the secure program suite if I can help it, but maybe there exists an even stronger symmetric cipher suite than PKCS#8 that can be used?

I want to find a way to make the best use of the ~0.5 second tolerable for successful authentication to help maximize the amount of computation required for brute-forcing.

A prerequisite question would be, is comparing SHA512 and this particular configuration of PKCS#8 apples-to-oranges, even if I am only referring to comparing the security of the passphrase used? What's a good way to compare the difference between them (as applied in these specific situations)?

I guess if I really cared about strengthening I should be looking at scrypt, but there is no native support in the Linux tools for it.

Edit: Interesting. My encrypted private-key on CentOS looks like this:

I suppose this isn't necessarily any worse than AES-128-CBC (which is what my Mac produced).
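As an added illustration (not part of the question above), the following script models the passphrase-stretching cost of the three schemes the question compares and measures how many passphrase guesses per second each allows on the local machine. It assumes that the traditional `DEK-Info: AES-128-CBC` PEM format derives its key with OpenSSL's EVP_BytesToKey (one MD5 over passphrase and the first 8 IV bytes), that PKCS#8 PBES2 keys from `openssl pkcs8 -topk8 -v2` use PBKDF2-HMAC-SHA1 with OpenSSL's default of 2048 iterations, and that sha512crypt with rounds=500000 costs at least 500,000 chained SHA-512 digests (a lower bound; the real algorithm does a little more per round).

```python
import hashlib
import time


def traditional_pem_key(passphrase: bytes, iv: bytes) -> bytes:
    """Key derivation of a legacy 'Proc-Type: 4,ENCRYPTED' PEM key.

    Assumption: OpenSSL EVP_BytesToKey with MD5 and count=1, salted with the
    first 8 bytes of the DEK-Info IV. One MD5 per guess, i.e. no stretching.
    """
    return hashlib.md5(passphrase + iv[:8]).digest()


def pkcs8_pbes2_key(passphrase: bytes, salt: bytes, iterations: int = 2048) -> bytes:
    """Key derivation of a PKCS#8 PBES2 key (assumed PBKDF2-HMAC-SHA1, 2048 rounds)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase, salt, iterations, dklen=16)


def crypt_sha512_lower_bound(passphrase: bytes, salt: bytes, rounds: int = 500_000) -> bytes:
    """Approximation of sha512crypt's work factor: `rounds` chained SHA-512 digests.

    Constructed model, not the real sha512crypt algorithm; it under-counts
    the real cost slightly, so it is a lower bound on attacker effort.
    """
    digest = hashlib.sha512(passphrase + salt).digest()
    for _ in range(rounds):
        digest = hashlib.sha512(digest + passphrase).digest()
    return digest


def guesses_per_second(kdf, *args, seconds: float = 0.25) -> float:
    """Run `kdf(*args)` repeatedly for about `seconds` and return throughput."""
    count, start = 0, time.perf_counter()
    while time.perf_counter() - start < seconds:
        kdf(*args)
        count += 1
    return count / (time.perf_counter() - start)


if __name__ == "__main__":
    # Constructed sample inputs: a weak passphrase, an IV and a salt.
    passphrase, iv, salt = b"correct horse", bytes(range(16)), b"saltsalt"
    for name, fn, args in (
        ("traditional PEM (MD5 x1)", traditional_pem_key, (passphrase, iv)),
        ("PKCS#8 PBES2 (PBKDF2 x2048)", pkcs8_pbes2_key, (passphrase, salt)),
        ("sha512crypt rounds=500000 (lower bound)", crypt_sha512_lower_bound, (passphrase, salt)),
    ):
        print(f"{name:45s} {guesses_per_second(fn, *args):12.1f} guesses/s")
```

The throughput ratios, not the absolute numbers, are the useful output: they show how far each format's KDF is from spending the ~0.5 s per authentication that the question is willing to tolerate.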
