8156213: Remove SHA-1 and 3KeyTDEA algorithms from DRBG

Xuelei Fan xuelei.fan at oracle.com
Thu May 12 04:38:11 UTC 2016


On 5/12/2016 12:24 PM, Bradford Wetmore wrote:
> Looks good.
> 
+1.

Xuelei

> Brad
> 
> 
> On 5/11/2016 7:27 PM, Wang Weijun wrote:
>> Please take a review at
>>
>>    http://cr.openjdk.java.net/~weijun/8156213/webrev.00/
>>
>> In its initial changeset, The SUN implementation of DRBG supports all
>> algorithms described in NIST SP 800-90Ar1. However, one algorithm is
>> already considered weak today (3KeyTDEA) and another is likely to be
>> consider weak quite soon (SHA-1). We should stop supporting them right
>> from the beginning.
>>
>> It's a relief to say default strength is 128 for all mech/alg
>> combinations.
>>
>> There is no interoperability or compatibility problem for SecureRandom.
>>
>> Thanks
>> Max
>>




More information about the security-dev mailing list