RFR: 8361964: Remove outdated algorithms from requirements and add PBES2 algorithms
Hai-May Chao
hchao at openjdk.org
Sat Jul 19 00:53:49 UTC 2025
On Fri, 18 Jul 2025 16:37:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> The Security Algorithm Implementation Requirements will be updated as follows:
>
> The following algorithms will be removed from the list of required algorithms as they are no longer recommended, and should not be in wide usage anymore:
>
> AlgorithmParameters: DESede
> Cipher:
> DESede/CBC/NoPadding
> DESede/CBC/PKCS5Padding
> DESede/ECB/NoPadding
> DESede/ECB/PKCS5Padding
> RSA/ECB/PKCS1Padding
> KeyGenerator: DESede
> SecretKeyFactory: DESede
>
> The following PBES2 algorithms will be added as new requirements. These are modern password-based encryption, mac and key derivation algorithms defined in PKCS #5 version 2.1 ([RFC 8018](https://www.rfc-editor.org/rfc/rfc8018)):
>
> AlgorithmParameters:
> PBEWithHmacSHA256AndAES_128
> PBEWithHmacSHA256AndAES_256
> Cipher:
> PBEWithHmacSHA256AndAES_128
> PBEWithHmacSHA256AndAES_256
> Mac:
> PBEWithHmacSHA256
> SecretKeyFactory:
> PBEWithHmacSHA256AndAES_128
> PBEWithHmacSHA256AndAES_256
> PBKDF2WithHmacSHA256
Marked as reviewed by hchao (Reviewer).
Changes look good.
-------------
PR Review: https://git.openjdk.org/jdk/pull/26392#pullrequestreview-3035030281
PR Comment: https://git.openjdk.org/jdk/pull/26392#issuecomment-3091328062
More information about the security-dev
mailing list