RFR 8138653: Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded
Seán Coffey
sean.coffey at oracle.com
Wed Feb 24 16:58:07 UTC 2016
I think you might have forgotten the PKCS11 implementation Sean.
e.g.
src/jdk.crypto.pkcs11/share/classes/sun/security/pkcs11/P11KeyPairGenerator.java
On a side note, I notice a discrepancy in the KeyPairGenerator javadoc.
It's more of an implNote issue :
> If the algorithm is the/DSA/algorithm, and the keysize (modulus size)
> is 512, 768, or 1024, then the/Sun/provider uses a set of precomputed
> values for the|p|,|q|, and|g|parameters.
I think we also cache 2048 bit values. Maybe you can modify.
Regards,
Sean.
On 24/02/16 14:54, Sean Mullan wrote:
> Please review this fix to improve security defaults by increasing the
> default keysize of the RSA, DSA, and DiffieHellman implementations of
> AlgorithmParameterGenerator and KeyPairGenerator from 1024 to 2048 bits:
>
> http://cr.openjdk.java.net/~mullan/webrevs/8138653/webrev.00/
>
> Thanks,
> Sean
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mail.openjdk.org/pipermail/security-dev/attachments/20160224/dabddde2/attachment.htm>
More information about the security-dev
mailing list