authorlloyd <[email protected]>2009-12-26 17:02:01 +0000
committerlloyd <[email protected]>2009-12-26 17:02:01 +0000
commit4400704b743fdf13e903c228cec5a20fce265a5d (patch)
tree0ca6fce5bbc6b77ca7de8bcb83424ee5a1886340
parent0d524165735b925f6aeb4c8c3934c79071018025 (diff)
Switch from TripleDES to AES-256 for private key encryption by
default. OpenSSL 0.9.8 understands keys encrypted like this fine, which was the big reason for holding back on this before IIRC. AES-256 was chosen over AES-128 not for the longer key length (it's a password hash so unlikely to have more than 96 bits of entropy) but for the extra 4 rounds of AES-256 vs AES-128.
-rw-r--r--src/pubkey/pk_codecs/pkcs8.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/pubkey/pk_codecs/pkcs8.cpp b/src/pubkey/pk_codecs/pkcs8.cpp
index f287e1e63..d0954df39 100644
--- a/src/pubkey/pk_codecs/pkcs8.cpp
+++ b/src/pubkey/pk_codecs/pkcs8.cpp
@@ -168,7 +168,7 @@ void encrypt_key(const Private_Key& key,
const std::string& pass, const std::string& pbe_algo,
X509_Encoding encoding)
{
- const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,TripleDES/CBC)";
+ const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-128/CBC)";
Pipe raw_key;
raw_key.start_msg();
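Review bot: The new default on the added line is `AES-128/CBC`, but the commit message says the switch is to AES-256 and justifies AES-256 over AES-128 by its extra rounds, so the code and the stated intent disagree. If AES-256 is what was meant, the line should read `const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-256/CBC)";`; if AES-128 is deliberate, the message should be corrected, because it is the record of how exported private keys are protected by default. A one-line comment above the constant giving the reason for the choice (OpenSSL 0.9.8 interoperability, password-derived key) would make a later mismatch like this easier to catch. encrypt_key begins before and continues after this hunk, so how `pbe_algo` interacts with the default is not visible here.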