The keytool -importpass command stores a passphrase as a PBEKey. As keytool only can see it is a PBEKey, and its getAlgorithm() always returns “PBEwithMD5andDES”, keytool has no information to determine if this secret key entry is protected by a weak algorithm.
This is filed to explore if changes may be made so keytool could warn about PBE algorithms.

The keytool -genseckey has the same problem. For example, keytool -genseckey -keyalg PBEWithMD5AndDES -keystore keystore -alias pbe