Fix Vagrant::Util::Keypair::Rsa.create Use of a broken or weak cryptographic algorithm

[opsysdebug]

fix the problem, replace the use of the weak des3 cipher with a strong, modern cipher such as aes-256-cbc when encrypting the private key. This involves changing the argument to OpenSSL::Cipher.new from 'des3' to 'aes-256-cbc' on line 147. No other changes are required, as OpenSSL supports this cipher natively and the rest of the code does not depend on the specific cipher used. This change is limited to the lib/vagrant/util/keypair.rb file, specifically within the Vagrant::Util::Keypair::Rsa.create method.

References

NIST, FIPS 140 Annex a: Approved Security Functions
NIST, SP 800-131A: Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
OWASP: Rule - Use strong approved cryptographic algorithms

[hashicorp-cla-app]

All committers have signed the CLA.

[hashicorp-cla-app]

Thank you for your submission! We require that all contributors sign our Contributor License Agreement ("CLA") before we can accept the contribution. Read and sign the agreement

Learn more about why HashiCorp requires a CLA and what the CLA includes

_{Have you signed the CLA already but the status is still pending? Recheck it.}