Open Bug 1373747 Opened 7 years ago Updated 2 years ago

Allow use of SHA256 HMAC for PBKDF2 in PKCS#12

Categories

(NSS :: Libraries, enhancement, P3)

Product:
NSS
Component:
Libraries
Version:
3.28.2
Type:
enhancement

Tracking

(Not tracked)

People

(Reporter: hkario, Unassigned)

Details

pk12util does not allow setting the PRF used for PBKDF2, always using SHA1.
While SHA1 HMAC is not yet broken, especially for PRF/KDF use, deprecation of it from all uses is good cryptographic practice.

Change the default of the PBKDF2 to SHA256, add APIs/CLI options to set the format for exported file (so it can use SHA-1 for uses where it is necessary).
Priority: -- → P3
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.