Details
-
Enhancement
-
Resolution: Fixed
-
P3
-
None
-
b34
Description
The DSAKeyPairGenerator class description currently says the following:
"If no initialize method is called on a DSAKeyPairGenerator, the default is to generate 1024-bit keys, using precomputed p, q and g parameters and an instance of SecureRandom as the random bit source."
1024-bit keys are no longer recommended. Ideally, this default requirement should be removed and it should be implementation-specific as to what size keys are generated. Suggest changing this to:
"If no initialize method is called on a DSAKeyPairGenerator, the default is to generate keys of an implementation-specific size, using precomputed p, q and g parameters and an instance of SecureRandom as the random bit source. However, note that the default keysize may vary across different implementations and may change in a future version. Therefore, it is recommended to explicitly initialize the DSAKeyPairGenerator instead of relying on defaults."
"If no initialize method is called on a DSAKeyPairGenerator, the default is to generate 1024-bit keys, using precomputed p, q and g parameters and an instance of SecureRandom as the random bit source."
1024-bit keys are no longer recommended. Ideally, this default requirement should be removed and it should be implementation-specific as to what size keys are generated. Suggest changing this to:
"If no initialize method is called on a DSAKeyPairGenerator, the default is to generate keys of an implementation-specific size, using precomputed p, q and g parameters and an instance of SecureRandom as the random bit source. However, note that the default keysize may vary across different implementations and may change in a future version. Therefore, it is recommended to explicitly initialize the DSAKeyPairGenerator instead of relying on defaults."
Attachments
Issue Links
- csr for
-
JDK-8190569 Remove 1024-bit default requirement from javadoc of java.security.interfaces.DSAKeyPairGenerator
-
- Closed
-