[openssl-project] To use or not use the iconv API, and to use or not use other libraries
Salz, Rich
rsalz at akamai.com
Mon Jun 11 15:25:23 UTC 2018
> *must* do when getting '-pass8bit' is to do a naïve UTF-8 encode of
> the input pass phrase string. PKCS12_generate_mac() will then decode
I disagree.
There are two reasons why users enter "illegal" passwords now, and by now requiring them to make it explicit we can (a) check only for ASCII on current inputs; (b) make them think about what they're doing and require them to specify; (c) set the expectation that something will change in the future.