aboutsummaryrefslogtreecommitdiffstats
path: root/src/pubkey/pkcs8.cpp
diff options
context:
space:
mode:
authorlloyd <[email protected]>2010-08-13 14:56:54 +0000
committerlloyd <[email protected]>2010-08-13 14:56:54 +0000
commit71b0809de2d7c5aa79675283c79e24a5424c741f (patch)
treef9666816301fda78fde8929e08e42ee92890cbd3 /src/pubkey/pkcs8.cpp
parent2c4c5b376130b55e092b2aa0ba47b97bfc31962c (diff)
The changelog for 1.9.4 claimed that the default PKCS #8 encryption
algorithm had changed to AES-256. This was wrong, it actually changed to AES-128. However in retrospect AES-256 is probably a reasonable move (in particular for the 4 extra rounds; the related key attacks possible against AES-256 are probably not viable since we generate the key using PBKDF2), so update the 1.9.4 changelog to correctly indicate the change made in that release, and also modify PKCS #8 to actually use AES-256.
Diffstat (limited to 'src/pubkey/pkcs8.cpp')
-rw-r--r--src/pubkey/pkcs8.cpp2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/pubkey/pkcs8.cpp b/src/pubkey/pkcs8.cpp
index 3c767959f..5eed776be 100644
--- a/src/pubkey/pkcs8.cpp
+++ b/src/pubkey/pkcs8.cpp
@@ -160,7 +160,7 @@ SecureVector<byte> BER_encode(const Private_Key& key,
const std::string& pass,
const std::string& pbe_algo)
{
- const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-128/CBC)";
+ const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-256/CBC)";
std::auto_ptr<PBE> pbe(get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE)));