PING: RFR: JDK-4347142: Need method to set Password protection to Zip entries
mark.reinhold at oracle.com
mark.reinhold at oracle.com
Tue Apr 19 22:57:02 UTC 2016
2016/4/8 9:52:56 -0700, anthony.vanelverdinghe at gmail.com:
> I don't mind if decryption support is added for the "Traditional
> Encryption". However, I believe it would be wrong to introduce
> encryption support for a known-to-be-broken encryption method in the
> JDK. Using the argument of "it's good enough for our case", I could also
> argue that Base64 qualifies as an encryption method, or that SSLv2 is an
> appropriate choice to secure network connections.
I have to agree. I don't think it makes sense to add a known-vulnerable
encryption algorithm to the JDK. It might work perfectly well for one
use case but it will eventually be used by someone who doesn't take the
time to understand it, assumes that it provides strong encryption when
it doesn't, gets burned, and then blames Java.
- Mark
More information about the core-libs-dev
mailing list