RFR: 8286907: keytool should warn about weak PBE algorithms [v2]

Hai-May Chao hchao at openjdk.org
Thu Jan 26 04:57:18 UTC 2023


On Fri, 20 Jan 2023 22:03:29 GMT, Hai-May Chao <hchao at openjdk.org> wrote:

>> Please review the fix to address the problem in keytool -genseckey and -importpass.
>
> Hai-May Chao has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Update with Max's comment

Yes, the issue for `PBEWithSHA1AndRC2_40` when `SHA-1` is removed from `jdk.security.legacyAlgorithms` is because Algorithm Decomposer decomposes it to RC2_40 **accordingly** and Constraints map contains RC2 which is built based on `jdk.security.legacyAlgorithms`. Filed JDK-8301127 for this.
Filed JDK-8301130 to track adding MD2 to j`dk.security.legacyAlgorithms`.

-------------

PR: https://git.openjdk.org/jdk/pull/12056



More information about the security-dev mailing list