- CSR
- Resolution: Approved
- P3
- None
- low
- For the removals, we are not removing the implementations from the JDK at this time.
- Java API
- SE
Summary
Make some updates to the security algorithm requirements for Java SE implementations. Remove some weak algorithms that should not be in wide use anymore, and add password derivation/encryption algorithms based on the PBES2 algorithms specified in RFC 8018: PKCS #5: Password-Based Cryptography Specification Version 2.1.
Problem
We periodically update the security algorithm requirements for Java SE, removing older algorithms that are not recommended and/or that are not commonly used and adding newer, modern algorithms.
For the removals, the DESede (or 3DES) algorithm is weak, is no longer recommended in technologies such as Kerberos, and should not be in wide use anymore. PKCS1Padding (defined in RFC 8017) is an outdated padding algorithm that has had various issues and should not be used anymore.
For the additions, the PBES2 algorithms are based on the PBKDF2 key derivation algorithm, which uses modern cryptographic algorithms and is recommended by NIST for password hashing.
Solution
Remove the following algorithms from the list of required algorithms, as they are no longer recommended and should not be in wide use anymore:
- AlgorithmParameters: DESede
- Cipher:
  - DESede/CBC/NoPadding
  - DESede/CBC/PKCS5Padding
  - DESede/ECB/NoPadding
  - DESede/ECB/PKCS5Padding
  - RSA/ECB/PKCS1Padding
- KeyGenerator: DESede
- SecretKeyFactory: DESede
Add the following PBES2 algorithms from PKCS#5 v2.1 as new requirements:
- AlgorithmParameters:
  - PBEWithHmacSHA256AndAES_128
  - PBEWithHmacSHA256AndAES_256
- Cipher:
  - PBEWithHmacSHA256AndAES_128
  - PBEWithHmacSHA256AndAES_256
- Mac:
  - PBEWithHmacSHA256
- SecretKeyFactory:
  - PBEWithHmacSHA256AndAES_128
  - PBEWithHmacSHA256AndAES_256
  - PBKDF2WithHmacSHA256
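As an added illustration (not part of the CSR or the JDK sources), the following Java program uses two of the newly required names through the standard JCA API: the `PBEWithHmacSHA256AndAES_256` cipher for password-based encryption and `PBKDF2WithHmacSHA256` for deriving a password hash. The class name, sample passphrase, plaintext and iteration count are assumptions made for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

public class Pbes2Demo { // hypothetical class name
    static final String PBES2 = "PBEWithHmacSHA256AndAES_256"; // newly required name
    static final int ITERATIONS = 600_000; // assumed work factor, tune per deployment
    // PBES2: the key is derived from the password with PBKDF2-HMAC-SHA256, then used for AES-256.
    static byte[] crypt(int mode, char[] pw, byte[] salt, byte[] iv, byte[] in)
            throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw);
        try {
            SecretKey key = SecretKeyFactory.getInstance(PBES2).generateSecret(spec);
            Cipher c = Cipher.getInstance(PBES2);
            c.init(mode, key, new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
            return c.doFinal(in);
        } finally {
            spec.clearPassword(); // wipe the spec's internal copy of the password
        }
    }

    // Standalone PBKDF2 for password verification: store salt, iteration count and this output.
    static byte[] pbkdf2(char[] pw, byte[] salt) throws GeneralSecurityException {
        PBEKeySpec spec = new PBEKeySpec(pw, salt, ITERATIONS, 256);
        try {
            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        } finally {
            spec.clearPassword();
        }
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-sample-passphrase".toCharArray(); // constructed input
        byte[] salt = new byte[16], iv = new byte[16];
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(salt); // fresh random salt per password or message
        rng.nextBytes(iv);   // fresh random IV per encryption
        byte[] ct = crypt(Cipher.ENCRYPT_MODE, pw, salt, iv, "sample secret".getBytes(StandardCharsets.UTF_8));
        byte[] pt = crypt(Cipher.DECRYPT_MODE, pw, salt, iv, ct);
        System.out.println("round trip: " + new String(pt, StandardCharsets.UTF_8));
        System.out.println("hash match: " + MessageDigest.isEqual(pbkdf2(pw, salt), pbkdf2(pw, salt))); // constant-time compare
    }
}
```

In the JDK's SunJCE provider this cipher runs AES in CBC mode, which carries no integrity check; where tampering matters, authenticate the salt, IV and ciphertext separately, for example with the `PBEWithHmacSHA256` Mac listed above.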
Specification
See the attachments for the updated Standard Algorithm Names spec (the changes are in the Security Algorithm Implementation Requirements section) and a webrev of the API changes.
- csr of: JDK-8361964 Remove outdated algorithms from requirements and add PBES2 algorithms (Resolved)