Looking at PBES2 and PBMAC1 in PKCS12, it seems algorithm identifiers for HmacSHA*** (like SHA***) always contain NULL as params. If this is true, we can update the list at AlgorithmId.encode(DOS).