RFR: 8286907: keytool should warn about weak PBE algorithms [v2]
Weijun Wang
weijun at openjdk.org
Wed Jan 25 14:36:12 UTC 2023
On Fri, 20 Jan 2023 22:03:29 GMT, Hai-May Chao <hchao at openjdk.org> wrote:
>> Please review the fix to address the problem in keytool -genseckey and -importpass.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
>
> Update with Max's comment
I tried using `-keyalg PBEWithSHA1AndRC2_40` and removed `SHA-1` from `jdk.security.legacyAlgorithms`, and saw no warning. It looks like the disabled algorithm decomposer cannot extract "RC2" from the algorithm name.
Also, since this check only looks at `jdk.security.legacyAlgorithms`, shall we add other disabled algorithms here as well, like MD2?
-------------
PR: https://git.openjdk.org/jdk/pull/12056