Magnus Nyström wrote:
Stephen Henson's first approach is similar to the approach taken in the
new version (2.0) of PKCS#5, where the same problem previously existed -
pbe algorithms where (unnecessarily) tied to particular encryption
algorithms (e.g pbeWithMD5AndDES-CBC). My personal opinion is that Stephen
Hensons proposal is to be preferred, due to it's dynamic nature.
It was because of what happened with PKCS#5 and its variants and
extensions (PFX, PKCS#12 and vendor specific hacks and horrors) that I
made the suggestion.
Dr Stephen N. Henson. UK based freelance Cryptographic Consultant.
For info see homepage at http://www.drh-consultancy.demon.co.uk/
PGP key: via homepage.