RFR 8218723: SecretKeyFactory.getInstance( algo_, provider_ ) ignores the provider argument.
Bernd Eckenfels
ecki at zusammenkunft.net
Thu Mar 14 15:58:00 UTC 2019
Looking at the patch it seems obvious that this functionality was intentional at least for having a PKCS11 MAC. Do we really want to remove that option and if yes does it require some form of approval?
(I think the change is good in general but that case needs to be decided).
Since this is related, using a whitebox prf would also allow to do precomputing of the first hmac block outside of the iteration, that's an algorithmic speedup* which attackers' implementations surely feature.
Regards
Bernd
* OPT-02 in https://afiuorio.github.io/assets/thesis_afi_msc.pdf
--
http://bernd.eckenfels.net
From: Jamil Nimeh
Sent: Thursday, 14 March 2019 16:36
To: OpenJDK Dev list
Subject: RFR 8218723: SecretKeyFactory.getInstance( algo_, provider_ ) ignores the provider argument.
Hello all,
This review will change the SunJCE implementation of PBKDF2 so that it
always uses the SunJCE version of the PRF algorithm internally.
Webrev: http://cr.openjdk.java.net/~jnimeh/reviews/8218723/webrev.01/
JBS: https://bugs.openjdk.java.net/browse/JDK-8218723
CSR: https://bugs.openjdk.java.net/browse/JDK-8220531
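
The precomputation mentioned in the reply above, as an added example that is not part of the thread or of the JDK patch: the key-dependent first HMAC block (key XOR ipad, key XOR opad) is hashed once and the saved digest states are cloned in every PBKDF2 iteration, and the result is compared with SunJCE. The class and method names are hypothetical, and it assumes the default SHA-256 `MessageDigest` supports `clone()`.

```java
import java.security.MessageDigest;
import java.util.Arrays;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

public class Pbkdf2Precompute {                 // hypothetical name, added example
    static final int BLOCK = 64;                // SHA-256 block size in bytes

    // Digest that has already absorbed (key XOR pad): one compression done up front.
    static MessageDigest padded(byte[] key, int pad) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        byte[] k = key.length > BLOCK ? md.digest(key) : key;   // HMAC long-key rule
        byte[] block = new byte[BLOCK];
        Arrays.fill(block, (byte) pad);
        for (int i = 0; i < k.length; i++) block[i] ^= k[i];
        md.update(block);
        return md;
    }

    // HMAC computed from the two saved states; the key is never re-hashed.
    static byte[] hmac(MessageDigest inner, MessageDigest outer, byte[] msg) throws Exception {
        MessageDigest in = (MessageDigest) inner.clone();
        MessageDigest out = (MessageDigest) outer.clone();
        return out.digest(in.digest(msg));
    }

    // First PBKDF2 output block T_1 (32 bytes for HMAC-SHA256).
    static byte[] deriveBlock1(byte[] password, byte[] salt, int iterations) throws Exception {
        MessageDigest inner = padded(password, 0x36);   // ipad state, computed once
        MessageDigest outer = padded(password, 0x5c);   // opad state, computed once
        byte[] first = Arrays.copyOf(salt, salt.length + 4);
        first[first.length - 1] = 1;                    // salt || INT(1), big-endian
        byte[] u = hmac(inner, outer, first);
        byte[] t = u.clone();
        for (int i = 1; i < iterations; i++) {
            u = hmac(inner, outer, u);
            for (int j = 0; j < t.length; j++) t[j] ^= u[j];
        }
        return t;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-password".toCharArray();       // constructed sample input
        byte[] salt = "constructed-salt".getBytes("UTF-8");     // constructed sample input
        byte[] mine = deriveBlock1(new String(pw).getBytes("UTF-8"), salt, 10000);
        byte[] jdk = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256", "SunJCE")
                .generateSecret(new PBEKeySpec(pw, salt, 10000, 256)).getEncoded();
        System.out.println("matches SunJCE: " + Arrays.equals(mine, jdk));
    }
}
```

Going through `javax.crypto.Mac` as a black box hides these two digest states, which is why the reply ties the speedup to a whitebox PRF.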