- Enhancement
- Resolution: Fixed
- P3
- 5.0
- b65
- x86
- windows_xp
Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
---|---|---|---|---|---|---|
JDK-8210516 | 7u211 | Ivan Gerasimov | P3 | Resolved | Fixed | b01 |
JDK-8219296 | openjdk7u | Vincent Ryan | P3 | Resolved | Fixed | master |
A DESCRIPTION OF THE REQUEST :
Java™ Cryptography Extension (JCE) desperately needs updating with new algorithms for Password-Based Encryption (PBE)!
I have source code which determines all of the available algorithms (ask me if you want a copy and I'll give it to you). The result when executed against JDK 1.5 for SecretKeyFactory (which is used for PBE) is the following list of algorithms:
DES
DESEDE
PBE
PBEWITHMD5ANDDES
PBEWITHMD5ANDTRIPLEDES
PBEWITHSHA1ANDDESEDE
PBEWITHSHA1ANDRC2_40
This is bad--all of those algorithms are getting pretty obsolete by now.
MD5 (http://en.wikipedia.org/wiki/Md5) and SHA1 (http://en.wikipedia.org/wiki/SHA_hash_functions) are poor choices as digests, now that they have been cracked as mentioned in the links above; see also http://www.networkworld.com/news/2005/110105-nist-crypto.html
You really need to offer the "SHA-2" variants of the SHA algorithm for use as digests with PBE. I would personally like to use SHA-512.
As for the encryption algorithm choices currently offered, DES has been hopelessly insecure for years (http://en.wikipedia.org/wiki/Data_Encryption_Standard) while DESEDE/TRIPLEDES has mediocre security and is very slow.
I would really like to see you offer AES, particularly AES-256 (256 bit keys), for use as an encryption algorithm with PBE.
Just look at all the other people who have been requesting this on your forums for years now:
http://forum.java.sun.com/thread.jspa?forumID=9&threadID=277910
http://forum.java.sun.com/thread.jspa?forumID=9&threadID=542790
http://forum.java.sun.com/thread.jspa?forumID=9&threadID=633953
http://forum.java.sun.com/thread.jspa?forumID=9&threadID=458182
!!!
JUSTIFICATION :
Current algorithms supported are vulnerable and/or slow.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Support modern algorithms.
CUSTOMER SUBMITTED WORKAROUND :
None. Cannot even go to Bouncy Castle for PBE with SHA-512 as the digest and AES-256 as the encryption algorithm.
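Added example, not part of the original report or of the JDK sources: it enumerates the `SecretKeyFactory` algorithms of the installed providers, as the report describes doing, and then runs a PBE round trip with the SHA-512/AES-256 combination the report asks for. It assumes JDK 8 or later with a provider that offers the name `PBEWithHmacSHA512AndAES_256` and permits 256-bit AES keys; the class name, passphrase, plaintext and iteration count are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Arrays;
import java.util.TreeSet;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class PbeAlgorithms {  // hypothetical class name
    // Every SecretKeyFactory algorithm name offered by the installed providers.
    static TreeSet<String> secretKeyFactoryAlgorithms() {
        TreeSet<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders())
            for (Provider.Service s : p.getServices())
                if ("SecretKeyFactory".equals(s.getType())) names.add(s.getAlgorithm());
        return names;
    }

    public static void main(String[] args) throws Exception {
        secretKeyFactoryAlgorithms().forEach(System.out::println);

        String alg = "PBEWithHmacSHA512AndAES_256";  // assumed available (JDK 8+)
        char[] password = "constructed-sample-passphrase".toCharArray();
        SecureRandom rng = new SecureRandom();
        byte[] salt = new byte[16], iv = new byte[16];  // fresh per message
        rng.nextBytes(salt);
        rng.nextBytes(iv);

        // The key object only wraps the password; salt, iteration count and IV
        // are supplied to the cipher through PBEParameterSpec.
        SecretKey key = SecretKeyFactory.getInstance(alg).generateSecret(new PBEKeySpec(password));
        PBEParameterSpec spec = new PBEParameterSpec(salt, 100_000, new IvParameterSpec(iv));

        Cipher enc = Cipher.getInstance(alg);
        enc.init(Cipher.ENCRYPT_MODE, key, spec);
        byte[] ct = enc.doFinal("constructed sample plaintext".getBytes(StandardCharsets.UTF_8));

        Cipher dec = Cipher.getInstance(alg);
        dec.init(Cipher.DECRYPT_MODE, key, spec);
        System.out.println(new String(dec.doFinal(ct), StandardCharsets.UTF_8));
        Arrays.fill(password, '\0');  // clear the passphrase from memory
    }
}
```

The salt, IV and iteration count are not secret and have to be stored alongside the ciphertext for later decryption. This cipher gives confidentiality only, so the stored data needs a separate integrity check such as an HMAC over salt, IV and ciphertext.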
- backported by
  - JDK-8210516 PBE: need new algorithm support in password based encryption (Resolved)
  - JDK-8219296 PBE: need new algorithm support in password based encryption (Resolved)
- relates to
  - JDK-8269216 Useless initialization in com/sun/crypto/provider/PBES2Parameters.java (Resolved)
  - JDK-8180710 PBKDF2 SecretKeyFactory and PBES2 Cipher algorithms (Resolved)
  - JDK-8046111 JEP 121: Stronger Algorithms for Password-Based Encryption (Closed)