Algorithm decomposer decomposes the PBEWithSHA1AndRC2_40 algorithm into PBE, SHA1, and RC2_40 currently. Hence, keytool -genseckey -keyalg PBEWithSHA1AndRC2_40 command will not be able to emit warning when SHA1 is removed from jdk.security.legacyAlgorithms. This issue is raised during the code review of JDK-8286907, and the suggested one solution is to add both "RC2_40" and "RC2_128" to the security property.