Please Review: required security algorithms for Java SE 7 implementations
Sean Mullan
sean.mullan at oracle.com
Mon Dec 20 15:27:23 UTC 2010
On 12/20/10 7:29 AM, Florian Weimer wrote:
> * Sean Mullan:
>
>>> Oh, and I just realized that MD5 and HmacMD5 are missing. These
>>> algorithms are still heavily used (and HmacMD5 is not really broken,
>>> it's only guilty by association).
>>
>> Yes, MD5 is still in use, but I think it is decreasing in use
>> significantly. Can you give more rationale, for example data that
>> would suggest that not making these algorithms a requirement would
>> affect a significant number of Java applications or where
>> SHA-1/HmacSHA1 would not be an adequate alternative?
>
> I think it's used internally in TLS until TLS 1.2 (as noted by
> others).
>
> There are also many applications which use MD5 as some sort of content
> descriptor. For instance, the AV industry uses MD5 for identifying
> malware samples. (It's not cryptographically strong, but it's
> certainly better than W32/Backdoor.QCT.gen.)
I've added MD5 and HmacMD5 to the latest revision at:
http://cr.openjdk.java.net/~mullan/5001004/review.01/StandardNames.html#impl
>
>> TLS_RSA_WITH_AES_128_CBC_SHA is not listed because we did not specify
>> that TLS 1.1 or TLS 1.2 should be requirements. TLS 1.1 and 1.2 are
>> new features of JDK 7 and AFAIU are not as widely used as TLS 1.0 yet.
>
> Support for all the primitives in TLS_RSA_WITH_AES_128_CBC_SHA is
> already required, so I would be surprised if any implementation
> actually omitted this, given the performance improvement over 3DES.
> So why not mandate it outright?
We are trying to be conservative with this initial list of required algorithms,
recognizing that it will grow over time. If we add TLS_RSA_WITH_AES_128_CBC_SHA
to the list (which is a TLS 1.2 mandatory cipher suite), then someone may argue
why we didn't also add TLS_RSA_WITH_3DES_EDE_CBC_SHA (which is a TLS 1.1
mandatory cipher suite). My preference would be to not add these to the list
until we add TLS 1.1/1.2 to the required list (probably in JDK 8).
--Sean
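A runtime check is the practical counterpart to this discussion: once a list of required algorithms exists, an application or a conformance test wants to know whether the JRE it is running on actually provides them. The following is an added example, not code from the thread or from the OpenJDK review document; the algorithm, cipher-suite and protocol names it probes are an assumption drawn from the names mentioned in the message above (MD5, HmacMD5, SHA-1, HmacSHA1, the two cipher suites and TLS 1.0/1.1/1.2), not the final required list.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/**
 * Reports which of a set of algorithm names the running JRE provides.
 * The name lists are assumptions for this example, taken from the names
 * discussed in the thread; they are not the official required list.
 */
public class RequiredAlgorithmCheck {

    static final String[] DIGESTS = {"MD5", "SHA-1"};
    static final String[] MACS = {"HmacMD5", "HmacSHA1"};
    static final String[] SUITES = {
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA"
    };
    static final String[] PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2"};

    /** True if some installed provider implements the MessageDigest algorithm. */
    static boolean digestAvailable(String name) {
        try {
            MessageDigest.getInstance(name);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    /** True if some installed provider implements the Mac algorithm. */
    static boolean macAvailable(String name) {
        try {
            Mac.getInstance(name);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    /**
     * Builds an ordered report keyed by "kind:name" with true where the
     * runtime supports the item. Cipher suites and protocols are taken from
     * the default SSLContext's *supported* parameters, i.e. what the
     * implementation ships, not merely what is enabled by default.
     */
    static Map<String, Boolean> report() throws NoSuchAlgorithmException {
        Map<String, Boolean> result = new LinkedHashMap<String, Boolean>();
        for (String d : DIGESTS) {
            result.put("MessageDigest:" + d, digestAvailable(d));
        }
        for (String m : MACS) {
            result.put("Mac:" + m, macAvailable(m));
        }
        SSLParameters supported = SSLContext.getDefault().getSupportedSSLParameters();
        java.util.List<String> suites = Arrays.asList(supported.getCipherSuites());
        java.util.List<String> protocols = Arrays.asList(supported.getProtocols());
        for (String s : SUITES) {
            result.put("CipherSuite:" + s, suites.contains(s));
        }
        for (String p : PROTOCOLS) {
            result.put("Protocol:" + p, protocols.contains(p));
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        boolean allPresent = true;
        for (Map.Entry<String, Boolean> e : report().entrySet()) {
            System.out.println((e.getValue() ? "present  " : "MISSING  ") + e.getKey());
            allPresent &= e.getValue();
        }
        // Non-zero exit lets a build or conformance script fail on a gap.
        System.exit(allPresent ? 0 : 1);
    }
}
```

Run it with `java RequiredAlgorithmCheck` on the JRE under test. Note that "supported" is the right question for the point raised in the thread (does the implementation ship the suite at all), whereas the separately obtainable default-enabled set is what a connection will negotiate without further configuration; a suite can be present in the former and absent from the latter.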