Fix terrible defaults in terrible code implementing terrible standards (PKCS8, PKCS12, probably others)

Open botovq opened this issue 7 months ago • 2 comments

See https://github.com/pyca/cryptography/issues/12949 pbeWithMD5AndDES-CBC it's just ridiculous.

May 20 '25 18:05 botovq

The PKCS#8 part of this is now fixed and this will also fix a few things in PKCS#7. We may need to look into doing RFC 9579 or RFC 9579bis. This requires some ASN.1 shuffling and seems less than ideal, too.

May 25 '25 02:05 botovq

If libressl were to add scrypt, that wouldn't be the worst thing :-)

May 25 '25 19:05 alex