8156213: Remove SHA-1 and 3KeyTDEA algorithms from DRBG
Wang Weijun
weijun.wang at oracle.com
Thu May 12 02:27:26 UTC 2016
Please take a review at
http://cr.openjdk.java.net/~weijun/8156213/webrev.00/
In its initial changeset, the SUN implementation of DRBG supports all algorithms described in NIST SP 800-90Ar1. However, one algorithm is already considered weak today (3KeyTDEA) and another is likely to be considered weak quite soon (SHA-1). We should stop supporting them right from the beginning.
It's a relief to say default strength is 128 for all mech/alg combinations.
There is no interoperability or compatibility problem for SecureRandom.
Thanks
Max
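
The following is an added example, not part of the original message or the webrev: a small check of which DRBG mechanism/algorithm combinations a given JDK (9 or later) accepts and the strength it reports for each. It assumes the `securerandom.drbg.config` security property of the SUN provider; the config strings are constructed for the check, with the `3KeyTDEA` name taken from the message above. A JDK that includes this change is expected to reject the last two entries.

```java
import java.security.DrbgParameters;
import java.security.SecureRandom;
import java.security.Security;

public class DrbgConfigCheck {
    // Security property consulted by the SUN DRBG when an instance is created.
    static final String PROP = "securerandom.drbg.config";

    // Create a DRBG under the given config and describe what the JDK did with it.
    static String probe(String config) {
        String saved = Security.getProperty(PROP);
        Security.setProperty(PROP, config);
        try {
            SecureRandom sr = SecureRandom.getInstance("DRBG");
            sr.nextBytes(new byte[16]); // force instantiation before reading parameters
            DrbgParameters.Instantiation p =
                    (DrbgParameters.Instantiation) sr.getParameters();
            return "accepted, strength=" + p.getStrength()
                    + ", capability=" + p.getCapability();
        } catch (Exception e) {
            // Unsupported algorithms surface as an exception at creation time.
            return "rejected: " + e;
        } finally {
            // Restore the previous value so later SecureRandom users are unaffected.
            Security.setProperty(PROP, saved == null ? "" : saved);
        }
    }

    public static void main(String[] args) {
        // Constructed configs: no strength is given, so the default applies.
        String[] configs = {
            "Hash_DRBG,SHA-256",
            "HMAC_DRBG,SHA-512",
            "CTR_DRBG,AES-128",
            "Hash_DRBG,SHA-1",    // named for removal in the message above
            "CTR_DRBG,3KeyTDEA",  // named for removal in the message above
        };
        for (String c : configs) {
            System.out.printf("%-20s -> %s%n", c, probe(c));
        }
    }
}
```

Running it on the JDK build used in production shows whether a local `java.security` override still names an algorithm that the provider no longer supports.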