Integrated: 8361964: Remove outdated algorithms from requirements and add PBES2 algorithms
Sean Mullan
mullan at openjdk.org
Fri Jul 25 12:58:59 UTC 2025
On Fri, 18 Jul 2025 16:37:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:
> The Security Algorithm Implementation Requirements will be updated as follows:
>
> The following algorithms will be removed from the list of required algorithms as they are no longer recommended, and should not be in wide usage anymore:
>
> AlgorithmParameters: DESede
> Cipher:
> DESede/CBC/NoPadding
> DESede/CBC/PKCS5Padding
> DESede/ECB/NoPadding
> DESede/ECB/PKCS5Padding
> RSA/ECB/PKCS1Padding
> KeyGenerator: DESede
> SecretKeyFactory: DESede
>
> The following PBES2 algorithms will be added as new requirements. These are modern password-based encryption, mac and key derivation algorithms defined in PKCS #5 version 2.1 ([RFC 8018](https://www.rfc-editor.org/rfc/rfc8018)):
>
> AlgorithmParameters:
> PBEWithHmacSHA256AndAES_128
> PBEWithHmacSHA256AndAES_256
> Cipher:
> PBEWithHmacSHA256AndAES_128
> PBEWithHmacSHA256AndAES_256
> Mac:
> PBEWithHmacSHA256
> SecretKeyFactory:
> PBEWithHmacSHA256AndAES_128
> PBEWithHmacSHA256AndAES_256
> PBKDF2WithHmacSHA256
This pull request has now been integrated.
Changeset: 06fdb61e
Author: Sean Mullan <mullan at openjdk.org>
URL: https://git.openjdk.org/jdk/commit/06fdb61e1cdc9abf9ac4fa62fd63992d298baffa
Stats: 13 lines in 5 files changed: 5 ins; 5 del; 3 mod
8361964: Remove outdated algorithms from requirements and add PBES2 algorithms
Reviewed-by: hchao
-------------
PR: https://git.openjdk.org/jdk/pull/26392
More information about the security-dev
mailing list