The changelog for 1.9.4 claimed that the default PKCS #8 encryption

algorithm had changed to AES-256. This was wrong, it actually changed to AES-128. However in retrospect AES-256 is probably a reasonable move (in particular for the 4 extra rounds; the related key attacks possible against AES-256 are probably not viable since we generate the key using PBKDF2), so update the 1.9.4 changelog to correctly indicate the change made in that release, and also modify PKCS #8 to actually use AES-256.
author: lloyd <[email protected]> 2010-08-13 14:56:54 +0000
committer: lloyd <[email protected]> 2010-08-13 14:56:54 +0000
commit: 71b0809de2d7c5aa79675283c79e24a5424c741f (patch)
tree: f9666816301fda78fde8929e08e42ee92890cbd3 /src/pubkey
parent: 2c4c5b376130b55e092b2aa0ba47b97bfc31962c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/src/pubkey/pkcs8.cpp b/src/pubkey/pkcs8.cpp
index 3c767959f..5eed776be 100644
--- a/src/pubkey/pkcs8.cpp
+++ b/src/pubkey/pkcs8.cpp
@@ -160,7 +160,7 @@ SecureVector<byte> BER_encode(const Private_Key& key,
                               const std::string& pass,
                               const std::string& pbe_algo)
    {
-   const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-128/CBC)";
+   const std::string DEFAULT_PBE = "PBE-PKCS5v20(SHA-1,AES-256/CBC)";
 
    std::auto_ptr<PBE> pbe(get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE)));
author	lloyd <[email protected]>	2010-08-13 14:56:54 +0000
committer	lloyd <[email protected]>	2010-08-13 14:56:54 +0000
commit	71b0809de2d7c5aa79675283c79e24a5424c741f (patch)
tree	f9666816301fda78fde8929e08e42ee92890cbd3 /src/pubkey
parent	2c4c5b376130b55e092b2aa0ba47b97bfc31962c (diff)