2

The question is a bit tricky because they don't have the same purpose, but:

Do both kinds of file face the same security issue concerning private key protection, namely password strength? (PBKDF2, as both are often encrypted using password-based encryption.)

I would like to better understand the differences between the two formats concerning private key confidentiality.

techraf
crypto-learner

1 Answer

2

It turns out that this is pretty interesting stuff.

From Martin Kleppmann's blog post "Improving the security of your SSH private key files" (posted 2013-06-26; archived here; discussed on Hacker News here):

But how do you get from the passphrase to the AES encryption key? I couldn’t find it documented anywhere, so I had to dig through the OpenSSL source to find it:

1. Append the first 8 bytes of the IV to the passphrase, without 
   a separator (serves as a salt).
2. Take the MD5 hash of the resulting string (once).

That’s it.

So this means that there's not much password-to-key transformation going on. Martin then recommends using PKCS#8 instead.

But the question was not about PKCS#8 but about PKCS#12.

And the RFC for PKCS#12 says that there is still a compatibility mode that works similarly, and that you should instead use PBKDF2:

Appendix B.  Deriving Keys and IVs from Passwords and Salt

   Note that this method for password privacy mode is not recommended
   and is deprecated for new usage.  The procedures and algorithms
   defined in PKCS #5 v2.1 [13] [22] should be used instead.
   Specifically, PBES2 should be used as encryption scheme, with PBKDF2
   as the key derivation function.

Now this implies that both old and new methods can be used. And the new method is safer.

So in summary: PKCS#12 files are potentially safer than the "BEGIN RSA PRIVATE KEY" PEM files.

But: What I CAN'T tell you is how you would find out if a given PKCS#12 file has in fact used the old or the new method. Perhaps some other StackExchange member can chime in?

StackzOfZtuff
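The key-derivation difference the answer quotes, worked through as an added example. This is not code from the post, from Kleppmann's blog post, from the RFC, or from OpenSSL itself; the passphrase, IV, PBKDF2 salt and iteration count are constructed values chosen for the demonstration. The legacy path is OpenSSL's EVP_BytesToKey with MD5 and a count of 1 (salt = first 8 bytes of the DEK-Info IV), which for AES-128 reduces to the single MD5 the blog describes; the modern path is PBES2 with PBKDF2-HMAC-SHA256 as PKCS#5 v2.1 recommends. The work-factor helpers make the practical point: a legacy PEM key costs an attacker one MD5 per passphrase guess, whereas PBKDF2 costs as many HMAC calls as the iteration count.

```python
import hashlib
import math
import time

# Constructed sample inputs (not from the post): a passphrase and a 16-byte
# AES-CBC IV of the kind found in the "DEK-Info: AES-128-CBC,<hex IV>" header
# of a legacy "BEGIN RSA PRIVATE KEY" PEM file.
PASSPHRASE = b"correct horse battery"
IV = bytes.fromhex("0a1b2c3d4e5f60718293a4b5c6d7e8f9")
PBKDF2_SALT = bytes.fromhex("8f3a5c1e9d2b4f60")   # constructed 8-byte salt
PBKDF2_ITERATIONS = 600_000                       # assumed modern iteration count


def legacy_pem_kdf(passphrase: bytes, iv: bytes, key_len: int = 16) -> bytes:
    """Legacy OpenSSL PEM key derivation (EVP_BytesToKey, MD5, count=1).

    The salt is the first 8 bytes of the IV, appended to the passphrase with
    no separator.  For AES-128 the 16-byte key is exactly MD5(passphrase||salt),
    as the quoted blog post says.  For longer keys (AES-256, 3DES) OpenSSL
    chains D_i = MD5(D_{i-1} || passphrase || salt) until enough bytes exist.
    """
    salt = iv[:8]
    derived = b""
    block = b""
    while len(derived) < key_len:
        block = hashlib.md5(block + passphrase + salt).digest()
        derived += block
    return derived[:key_len]


def pbes2_kdf(passphrase: bytes, salt: bytes, iterations: int, key_len: int = 32) -> bytes:
    """PBKDF2-HMAC-SHA256, the PBES2 key derivation PKCS#5 v2.1 recommends."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=key_len)


def legacy_work_factor(key_len: int = 16) -> int:
    """MD5 invocations an attacker pays per passphrase guess (one per 16 bytes)."""
    return math.ceil(key_len / 16)


def pbes2_work_factor(iterations: int, key_len: int = 32) -> int:
    """HMAC-SHA256 invocations per guess: one per iteration per 32-byte block."""
    return iterations * math.ceil(key_len / 32)


def guesses_per_second(kdf, *args, budget: float = 0.3) -> float:
    """Rough wall-clock throughput of a KDF on this machine; demo only."""
    start = time.perf_counter()
    count = 0
    while True:
        kdf(*args)
        count += 1
        elapsed = time.perf_counter() - start
        if elapsed >= budget:
            return count / elapsed


if __name__ == "__main__":
    legacy = legacy_pem_kdf(PASSPHRASE, IV)
    modern = pbes2_kdf(PASSPHRASE, PBKDF2_SALT, PBKDF2_ITERATIONS)
    print("legacy PEM (AES-128) key:", legacy.hex())
    print("PBES2/PBKDF2 key:        ", modern.hex())
    print("hash calls per guess: legacy=%d, pbkdf2=%d"
          % (legacy_work_factor(16), pbes2_work_factor(PBKDF2_ITERATIONS)))
    print("guesses/sec here: legacy=%.0f, pbkdf2=%.2f"
          % (guesses_per_second(legacy_pem_kdf, PASSPHRASE, IV),
             guesses_per_second(pbes2_kdf, PASSPHRASE, PBKDF2_SALT, PBKDF2_ITERATIONS)))
```

The timing figures are only illustrative of the ratio on one machine in pure Python; a dedicated cracking rig computes MD5 orders of magnitude faster, which is exactly why the single-MD5 derivation offers so little protection against passphrase guessing compared with an iterated PBKDF2.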