-
CSR
-
Resolution: Unresolved
-
P3
-
None
-
low
-
For the removals, we are not removing the implementations from the JDK at this time.
-
Java API
-
SE
Summary
Make some updates to the security algorithm requirements for Java SE implementations. Remove some weak algorithms that should not be in wide use anymore, and add password derivation/encryption algorithms based on the PBES2 algorithms specified in PKCS #5 version 2.1.
Problem
We periodically update the security algorithm requirements for Java SE, removing older algorithms that are not recommended and/or that are not commonly used and adding newer, modern algorithms.
Solution
Remove the the following algorithms from the list of required algorithms as they are no longer recommended, and should not be in wide usage anymore:
AlgorithmParameters: DESede
Cipher:
DESede/CBC/NoPadding
DESede/CBC/PKCS5Padding
DESede/ECB/NoPadding
DESede/ECB/PKCS5Padding
RSA/ECB/PKCS1Padding
KeyGenerator: DESede
SecretKeyFactory: DESedeAdd the following PBES2 algorithms from PKCS#5 v2.1 as new requirements:
AlgorithmParameters:
PBEWithHmacSHA256AndAES_128
PBEWithHmacSHA256AndAES_256
Cipher:
PBEWithHmacSHA256AndAES_128
PBEWithHmacSHA256AndAES_256
Mac:
PBEWithHmacSHA256
SecretKeyFactory:
PBEWithHmacSHA256AndAES_128
PBEWithHmacSHA256AndAES_256
PBKDF2WithHmacSHA256Specification
See the attachments for the updated Standard Algorithm Names spec (the changes are in the Security Algorithm Implementation Requirements section) and a webrev of the API changes.
- csr of
-
JDK-8361964 Remove outdated algorithms from requirements and add PBES2 algorithms
-
- In Progress
-