On Sat, Jul 16, 2011, Damien Miller wrote:
> Hi,
>
> I'm a bit concerned about the protection afforded by the PEM format to
> private keys against offline brute-force attacks. PEM seems to use a
> decent KDF, but uses a fixed iteration count of 1. Am I correct in my
> understanding that this cannot be changed without breaking the format?
> PEM is pretty convenient, and way more widely used than (say) PKCS12 so
> it makes sense to defend it well.
>
The "traditional" encryption uses a fixed iteration count of 1, yes. The PKCS#8 format, which is transparently supported when reading keys, uses an iteration count of 2048 by default. You can convert using the pkcs8 utility and specify higher counts.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
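To make the difference in work factor concrete, here is an added illustration (not code from the thread or from OpenSSL) that re-implements the two key derivations in Python. The "traditional" PEM encryption derives the key with OpenSSL's EVP_BytesToKey (MD5, iteration count 1, salt = first 8 bytes of the IV taken from the `DEK-Info` header), while a PKCS#8 PBES2 key uses PBKDF2 with the 2048-iteration default mentioned above. The password, IV and header line are constructed sample values; the PBKDF2 PRF is assumed here to be HMAC-SHA1, which is what OpenSSL's pkcs8 utility used by default at the time of this thread.

```python
"""Compare the per-guess cost of OpenSSL's 'traditional' PEM key derivation
(EVP_BytesToKey, count 1) with PKCS#8 PBES2 / PBKDF2 (count 2048).

Added example; all sample values below are constructed, not taken from the thread.
"""
import hashlib
import math

PASSWORD = b"correct horse"                                   # constructed
DEK_INFO = "DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF"  # constructed IV
KEY_LEN = 32        # AES-256 key
PKCS8_ITER = 2048   # OpenSSL's default PBKDF2 count for pkcs8, per the reply above


def parse_dek_info(header):
    """Return (cipher, iv, salt) from a traditional PEM 'DEK-Info' line.

    For traditional PEM the KDF salt is the first 8 bytes of the IV,
    so everything an attacker needs is in the file header.
    """
    _, value = header.split(":", 1)
    cipher, iv_hex = value.strip().split(",")
    iv = bytes.fromhex(iv_hex)
    return cipher, iv, iv[:8]


def evp_bytes_to_key(password, salt, key_len, count=1, md=hashlib.md5):
    """OpenSSL EVP_BytesToKey (PKCS#5 v1.5 style):
    D_1 = H^count(pw || salt), D_i = H^count(D_{i-1} || pw || salt),
    key = D_1 || D_2 || ... truncated to key_len.
    """
    out, prev = b"", b""
    while len(out) < key_len:
        d = md(prev + password + salt).digest()
        for _ in range(count - 1):   # count == 1 means a single hash per block
            d = md(d).digest()
        out += d
        prev = d
    return out[:key_len]


def traditional_pem_key(password, header, key_len=KEY_LEN):
    """Key derivation used by 'openssl rsa -aes256' style traditional PEM files."""
    _, _, salt = parse_dek_info(header)
    return evp_bytes_to_key(password, salt, key_len, count=1)


def pkcs8_pbkdf2_key(password, salt, key_len=KEY_LEN, iterations=PKCS8_ITER, prf="sha1"):
    """Key derivation for a PKCS#8 PBES2 file; PRF assumed to be HMAC-SHA1."""
    return hashlib.pbkdf2_hmac(prf, password, salt, iterations, key_len)


def hash_calls_per_guess(key_len, count, digest_size):
    """Underlying hash/PRF invocations an attacker must perform per password guess."""
    blocks = math.ceil(key_len / digest_size)
    return blocks * count


if __name__ == "__main__":
    _, _, salt = parse_dek_info(DEK_INFO)
    print("traditional PEM key:", traditional_pem_key(PASSWORD, DEK_INFO).hex())
    print("PKCS#8 PBKDF2 key:  ", pkcs8_pbkdf2_key(PASSWORD, salt).hex())
    print("MD5 calls per guess (traditional):", hash_calls_per_guess(KEY_LEN, 1, 16))
    print("HMAC-SHA1 calls per guess (PKCS#8):", hash_calls_per_guess(KEY_LEN, PKCS8_ITER, 20))
```

With a 32-byte key the traditional format costs an attacker two MD5 computations per guess, whereas the PKCS#8 default costs 4096 HMAC-SHA1 computations, and the count can be raised further when converting (the `-iter` option of `openssl pkcs8` exists in later OpenSSL releases; on the version contemporary with this thread the default is what you get). The conversion itself is the `pkcs8 -topk8 -v2 <cipher>` invocation of the utility named in the reply.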
