8.2.13.2 Options affecting passphrase hashing
All of the following options only affect keys saved with passphrases. They control how much work is required to decrypt the key (which happens every time you type its passphrase). This allows you to trade off the cost of legitimate use of the key against the resistance of the encrypted key to password-guessing attacks.
These options only affect PPK version 3.
-
Key derivation function
-
The variant of the Argon2 key derivation function to use. You might change this if you consider your exposure to side-channel attacks to be different to the norm.
-
Memory to use for passphrase hash
-
The amount of memory needed to decrypt the key, in Kbyte.
-
Time to use for passphrase hash
-
Controls how much time is required to attempt decrypting the key. You can either specify an approximate time in milliseconds (on this machine), or explicitly specify a number of hash passes (which is what the time is turned into during encryption).
-
Parallelism for passphrase hash
-
Number of parallelisable threads that can be used to decrypt the key. The default, 1, forces the process to run single-threaded, even on machines with multiple cores.