8156213: Remove SHA-1 and 3KeyTDEA algorithms from DRBG

Bradford Wetmore bradford.wetmore at oracle.com
Thu May 12 04:24:59 UTC 2016


Looks good.

Brad


On 5/11/2016 7:27 PM, Wang Weijun wrote:
> Please take a review at
>
>    http://cr.openjdk.java.net/~weijun/8156213/webrev.00/
>
> In its initial changeset, The SUN implementation of DRBG supports all algorithms described in NIST SP 800-90Ar1. However, one algorithm is already considered weak today (3KeyTDEA) and another is likely to be consider weak quite soon (SHA-1). We should stop supporting them right from the beginning.
>
> It's a relief to say default strength is 128 for all mech/alg combinations.
>
> There is no interoperability or compatibility problem for SecureRandom.
>
> Thanks
> Max
>



More information about the security-dev mailing list