diff options
author | lloyd <[email protected]> | 2009-12-26 17:02:01 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2009-12-26 17:02:01 +0000 |
commit | 4400704b743fdf13e903c228cec5a20fce265a5d (patch) | |
tree | 0ca6fce5bbc6b77ca7de8bcb83424ee5a1886340 /src/pubkey/pk_codecs | |
parent | 0d524165735b925f6aeb4c8c3934c79071018025 (diff) |
Switch from TripleDES to AES-256 for private key encryption by
default. OpenSSL 0.9.8 understands keys encrypted like this fine,
which was the big reason for holding back on this before IIRC.
AES-256 was chosen over AES-128 not for the longer key
length (it's a password hash so unlikely to have more than 96 bits of
entropy) but for the extra 4 rounds of AES-256 vs AES-128.
Diffstat (limited to 'src/pubkey/pk_codecs')
-rw-r--r-- | src/pubkey/pk_codecs/pkcs8.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/pubkey/pk_codecs/pkcs8.cpp b/src/pubkey/pk_codecs/pkcs8.cpp index f287e1e63..d0954df39 100644 --- a/src/pubkey/pk_codecs/pkcs8.cpp +++ b/src/pubkey/pk_codecs/pkcs8.cpp @@ -168,7 +168,7 @@ void encrypt_key(const Private_Key& key, const std::string& pass, const std::string& pbe_algo, X509_Encoding encoding) { - const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,TripleDES/CBC)"; + const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-128/CBC)"; Pipe raw_key; raw_key.start_msg(); |