RFR (12): 8212669: Add note to Cipher javadoc about using full transformation and not relying on defaults
Sean Mullan
sean.mullan at oracle.com
Thu Nov 1 15:47:12 UTC 2018
On 11/1/18 11:27 AM, Xuelei Fan wrote:
> What do you think if adding a note that the default value may be
> different for each provider, and may be changed from time to time with
> the development of crypto analysis?
I didn't want to get too wordy, just to make a concise point that
defaults can be problematic and are not recommended. My preference would
be to put more wording like that in the security guides.
--Sean
>
> Xuelei
>
> On 11/1/2018 7:57 AM, Sean Mullan wrote:
>> Please review this javadoc-only change to the Cipher class. An
>> @apiNote has been added to each of the getInstance methods to
>> recommend that the full transformation be specified when creating a
>> Cipher and to avoid relying on the defaults. Also a link to the
>> defaults used by the JDK providers has been added as an @implNote.
>>
>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/8212669/webrev.00/
>> bug: https://bugs.openjdk.java.net/browse/JDK-8212669
>>
>> Thanks,
>> Sean
More information about the security-dev
mailing list