Please Review: required security algorithms for Java SE 7 implementations

Florian Weimer fweimer at bfk.de
Mon Dec 20 12:29:16 UTC 2010


* Sean Mullan:

>> Oh, and I just realized that MD5 and HmacMD5 are missing.  These
>> algorithms are still heavily used (and HmacMD5 is not really broken,
>> it's only guilty by association).
>
> Yes, MD5 is still in use, but I think it is decreasing in use
> significantly. Can you give more rationale, for example data that
> would suggest that not making these algorithms a requirement would
> affect a significant number of Java applications or where
> SHA-1/HmacSHA1 would not be an adequate alternative?

I think it's used internally in TLS until TLS 1.2 (as noted by
others).

There are also many applications which use MD5 as some sort of content
descriptor.  For instance, the AV industry uses MD5 for identifying
malware samples.  (It's not cryptographically strong, but it's
certainly better than W32/Backdoor.QCT.gen.)

> TLS_RSA_WITH_AES_128_CBC_SHA is not listed because we did not specify
> that TLS 1.1 or TLS 1.2 should be requirements. TLS 1.1 and 1.2 are
> new features of JDK 7 and AFAIU are not as widely used as TLS 1.0 yet.

Support for all the primitives in TLS_RSA_WITH_AES_128_CBC_SHA is
already required, so I would be surprised if any implementation
actually omitted this, given the performance improvement over 3DES.
So why not mandate it outright?

> Maybe we could do something like that, although I would also like to
> understand the SPI issues better and see if we could look at ways of
> reducing that overhead without coming with new APIs.

NoSuchAlgorithmException is a checked exception, so initialization of
instance variables tends to be a bit verbose, even if the spec says
that the specified algorithm name is always present.

We saw a decent improvement in speed after switching from
MessageDigest.getInstance(String) to cloning a prototype object,
presumably due to the elaborate way the actual implementation class is
discovered.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99
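An added example, not code from this thread or from the JDK, illustrating the two points in the last paragraphs: `NoSuchAlgorithmException` is checked, so even a spec-mandated algorithm name forces a try/catch in field initialization, and cloning a prototype `MessageDigest` avoids repeating the provider (SPI) lookup on every call. The `DigestFactory` class, its `getInstance`/`clone` fallback logic and the small timing loop in `main` are assumptions of this example; the `MessageDigest.clone()` contract (it throws `CloneNotSupportedException` when the provider does not support cloning) is the real JDK API.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * Hypothetical helper (not part of the JDK) that looks an algorithm up once
 * through the provider framework and then hands out clones of that prototype.
 */
public final class DigestFactory {
    private final MessageDigest prototype;   // never updated, only cloned
    private final String algorithm;

    private DigestFactory(String algorithm) {
        this.algorithm = algorithm;
        try {
            this.prototype = MessageDigest.getInstance(algorithm);
        } catch (NoSuchAlgorithmException e) {
            // Checked exception: even for a required name such as "SHA-256"
            // the caller must handle it, hence this wrapper turning it into an
            // unchecked error so field initializers stay short.
            throw new IllegalStateException("algorithm not available: " + algorithm, e);
        }
    }

    /** Static prototypes for two names the Java SE 7 platform is required to provide. */
    static final DigestFactory SHA256 = new DigestFactory("SHA-256");
    static final DigestFactory SHA1 = new DigestFactory("SHA-1");

    /** Fresh, reset MessageDigest: a clone of the prototype when the provider allows it. */
    MessageDigest newDigest() {
        try {
            return (MessageDigest) prototype.clone();
        } catch (CloneNotSupportedException e) {
            // Some providers do not implement clone(); fall back to the full lookup.
            try {
                return MessageDigest.getInstance(algorithm);
            } catch (NoSuchAlgorithmException impossible) {
                throw new IllegalStateException(impossible);
            }
        }
    }

    /** Convenience: one-shot digest of a byte array using a cloned instance. */
    byte[] digest(byte[] data) {
        return newDigest().digest(data);
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder(bytes.length * 2);
        for (byte b : bytes) {
            sb.append(String.format("%02x", b & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed sample input for the demonstration.
        byte[] data = "hello world".getBytes(StandardCharsets.UTF_8);
        final int rounds = 200_000;

        // Both paths must produce the same digest; only the lookup cost differs.
        String viaClone = hex(SHA256.digest(data));
        String viaLookup = hex(MessageDigest.getInstance("SHA-256").digest(data));
        if (!viaClone.equals(viaLookup)) {
            throw new AssertionError("clone and getInstance disagree");
        }
        System.out.println("SHA-256(\"hello world\") = " + viaClone);

        // Rough timing: repeated getInstance() versus repeated clone() of a prototype.
        long t0 = System.nanoTime();
        for (int i = 0; i < rounds; i++) {
            MessageDigest.getInstance("SHA-256").digest(data);
        }
        long lookupNs = System.nanoTime() - t0;

        t0 = System.nanoTime();
        for (int i = 0; i < rounds; i++) {
            SHA256.digest(data);
        }
        long cloneNs = System.nanoTime() - t0;

        System.out.printf("getInstance per call: %d ns, clone per call: %d ns%n",
                lookupNs / rounds, cloneNs / rounds);
    }
}
```

The prototype is never `update()`d, so sharing it across threads is safe as long as every caller works on its own clone; the fallback path keeps the helper correct on providers whose `MessageDigestSpi` does not support `clone()`. Run it a few times on your own JDK rather than trusting a single measurement, since JIT warm-up dominates the first iterations.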
