- Enhancement
- Resolution: Duplicate
- P3
- None
Per NIST SP 800-57 recommendation [1], RSA/DSA keys less than 1024 bits are only allowed for legacy use since 2014, and deprecated since 2011. The RSA key pair generation is still using 1024 bits as the default key size:
    public RSAKeyPairGenerator() {
        // initialize to default in case the app does not call initialize()
        initialize(1024, null);
    }
We may also need to check the code for DSA and DH.
We may want to make an improvement to use 2048-bit keys by default in JDK 8.
[1] http://sim.ivi.co/2012/04/nist-security-strength-time-frames.html
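One way to check what the report describes, as an added example (not code from the JDK or from the reporter): it generates RSA, DSA and DH key pairs without calling initialize() and compares the provider's default size with the 2048-bit floor proposed above. The class name DefaultKeySizeAudit and its helper methods are made up for this example, and it assumes JDK 8 or later, where 2048-bit DSA and DH key generation is available.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.interfaces.DHPublicKey;

// Hypothetical audit class, added for illustration only.
public class DefaultKeySizeAudit {
    // Floor taken from the report's proposal of 2048-bit defaults.
    static final int MIN_BITS = 2048;

    // Returns the modulus length (RSA) or the length of prime p (DSA, DH) in bits.
    static int keyBits(PublicKey key) {
        if (key instanceof RSAPublicKey) {
            return ((RSAPublicKey) key).getModulus().bitLength();
        }
        if (key instanceof DSAPublicKey) {
            return ((DSAPublicKey) key).getParams().getP().bitLength();
        }
        if (key instanceof DHPublicKey) {
            return ((DHPublicKey) key).getParams().getP().bitLength();
        }
        throw new IllegalArgumentException("unsupported key type: " + key.getAlgorithm());
    }

    // Generates a key pair; bits == 0 means "do not call initialize()",
    // which is the code path the constructor default in the report covers.
    static KeyPair generate(String algorithm, int bits) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(algorithm);
        if (bits > 0) {
            kpg.initialize(bits);
        }
        return kpg.generateKeyPair();
    }

    public static void main(String[] args) throws Exception {
        for (String alg : new String[] {"RSA", "DSA", "DiffieHellman"}) {
            int dflt = keyBits(generate(alg, 0).getPublic());
            int explicit = keyBits(generate(alg, MIN_BITS).getPublic());
            System.out.printf("%-13s default=%d bits (%s), explicit=%d bits%n",
                    alg, dflt, dflt >= MIN_BITS ? "ok" : "BELOW " + MIN_BITS, explicit);
        }
    }
}
```

The reported default depends on the JDK release and security provider in use, so the output is a property of the runtime under test rather than a fixed value.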
- duplicates
  - JDK-8138653 Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded (Resolved)
- relates to
  - JDK-8057810 New defaults for DSA keys in jarsigner and keytool (Resolved)
  - JDK-8015258 Use stronger default algorithm for DSA in keytool and jarsigner (Closed)