diff options
author | lloyd <[email protected]> | 2010-08-13 14:56:54 +0000 |
---|---|---|
committer | lloyd <[email protected]> | 2010-08-13 14:56:54 +0000 |
commit | 71b0809de2d7c5aa79675283c79e24a5424c741f (patch) | |
tree | f9666816301fda78fde8929e08e42ee92890cbd3 /src/pubkey/pkcs8.cpp | |
parent | 2c4c5b376130b55e092b2aa0ba47b97bfc31962c (diff) |
The changelog for 1.9.4 claimed that the default PKCS #8 encryption
algorithm had changed to AES-256. This was wrong, it actually changed
to AES-128. However in retrospect AES-256 is probably a reasonable
move (in particular for the 4 extra rounds; the related key attacks
possible against AES-256 are probably not viable since we generate the
key using PBKDF2), so update the 1.9.4 changelog to correctly indicate
the change made in that release, and also modify PKCS #8 to actually
use AES-256.
Diffstat (limited to 'src/pubkey/pkcs8.cpp')
-rw-r--r-- | src/pubkey/pkcs8.cpp | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/pubkey/pkcs8.cpp b/src/pubkey/pkcs8.cpp index 3c767959f..5eed776be 100644 --- a/src/pubkey/pkcs8.cpp +++ b/src/pubkey/pkcs8.cpp @@ -160,7 +160,7 @@ SecureVector<byte> BER_encode(const Private_Key& key, const std::string& pass, const std::string& pbe_algo) { - const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-128/CBC)"; + const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-256/CBC)"; std::auto_ptr<PBE> pbe(get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE))); |