RFR 8138653: Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded

Vincent Ryan vincent.x.ryan at oracle.com
Tue Mar 1 21:50:38 UTC 2016


Your fix looks fine.
Thanks.


> On 1 Mar 2016, at 19:21, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> Updated webrev: http://cr.openjdk.java.net/~mullan/webrevs/8138653/webrev.01/
> 
> The following changes have been made:
> 
> - The default key size for DSA has not been changed (stays at 1024) due to the high risk of breaking compatibility with applications still using SHA1withDSA (key sizes larger than 1024 may be incompatible and rejected). We will wait on this one for now.
> 
> - The SunPKCS11 default size for RSA keys has been increased to 2048.
> 
> - A bug in the PKCS11 tests was fixed which caused the version of newer NSS libraries to be unrecognized.
> 
> --Sean
> 
> On 02/24/2016 09:54 AM, Sean Mullan wrote:
>> Please review this fix to improve security defaults by increasing the
>> default keysize of the RSA, DSA, and DiffieHellman implementations of
>> AlgorithmParameterGenerator and KeyPairGenerator from 1024 to 2048 bits:
>> 
>> http://cr.openjdk.java.net/~mullan/webrevs/8138653/webrev.00/
>> 
>> Thanks,
>> Sean
>> 
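The defaults discussed in this thread can be checked on any given JDK. The following is an added example, not code from the thread or the webrev: it generates a key pair without calling `initialize()` to see what each default provider picks, then repeats with an explicit 2048-bit size so the result does not depend on the provider default. The class name `DefaultKeySizeAudit` and helper `bits` are hypothetical.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import javax.crypto.interfaces.DHKey;

public class DefaultKeySizeAudit {
    // Size in bits of the modulus (RSA) or prime p (DSA, DH); -1 if unknown.
    static int bits(PublicKey k) {
        if (k instanceof RSAKey) return ((RSAKey) k).getModulus().bitLength();
        if (k instanceof DSAKey) return ((DSAKey) k).getParams().getP().bitLength();
        if (k instanceof DHKey)  return ((DHKey) k).getParams().getP().bitLength();
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // Algorithms named in the review request.
        String[] algorithms = {"RSA", "DSA", "DiffieHellman"};
        for (String alg : algorithms) {
            // No initialize() call: the provider's default key size applies.
            KeyPairGenerator implicit = KeyPairGenerator.getInstance(alg);
            KeyPair byDefault = implicit.generateKeyPair();
            int defaultBits = bits(byDefault.getPublic());

            // Explicit size: independent of whatever the default happens to be.
            KeyPairGenerator explicit = KeyPairGenerator.getInstance(alg);
            explicit.initialize(2048);
            int explicitBits = bits(explicit.generateKeyPair().getPublic());

            System.out.printf("%-14s provider=%-8s default=%d explicit=%d%s%n",
                    alg, implicit.getProvider().getName(), defaultBits, explicitBits,
                    defaultBits < 2048 ? "  <-- default below 2048" : "");
        }
    }
}
```

On a JDK with the change described above, DSA is the algorithm expected to still report a 1024-bit default.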


