RFR 8138653: Default key sizes for the AlgorithmParameterGenerator and KeyPairGenerator implementations should be upgraded
Sean Mullan
sean.mullan at oracle.com
Tue Mar 1 19:21:26 UTC 2016
Updated webrev:
http://cr.openjdk.java.net/~mullan/webrevs/8138653/webrev.01/
The following changes have been made:
- The default key size for DSA has not been changed (stays at 1024) due
to the high risk of breaking compatibility with applications still using
SHA1withDSA (key sizes larger than 1024 may be incompatible and
rejected). We will wait on this one for now.
- The SunPKCS11 default size for RSA keys has been increased to 2048.
- A bug in the PKCS11 tests was fixed which caused the version of newer
NSS libraries to be unrecognized.
--Sean
On 02/24/2016 09:54 AM, Sean Mullan wrote:
> Please review this fix to improve security defaults by increasing the
> default keysize of the RSA, DSA, and DiffieHellman implementations of
> AlgorithmParameterGenerator and KeyPairGenerator from 1024 to 2048 bits:
>
> http://cr.openjdk.java.net/~mullan/webrevs/8138653/webrev.00/
>
> Thanks,
> Sean
>
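One way to check which defaults a given JDK actually applies to the three algorithms discussed in this thread, as an added example that is not part of the original message or the webrev. The class name `DefaultKeySizeAudit`, the helper names and the `MIN_BITS` threshold are assumptions made for illustration.

```java
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.interfaces.DSAKey;
import java.security.interfaces.RSAKey;
import javax.crypto.interfaces.DHKey;

// Added example: class name and threshold are assumptions, not from the webrev.
public class DefaultKeySizeAudit {
    static final int MIN_BITS = 2048; // target size named in the thread

    // Size in bits of the RSA modulus or the DSA/DH prime p; -1 if unknown.
    static int bits(PublicKey k) {
        if (k instanceof RSAKey) return ((RSAKey) k).getModulus().bitLength();
        if (k instanceof DSAKey) return ((DSAKey) k).getParams().getP().bitLength();
        if (k instanceof DHKey) return ((DHKey) k).getParams().getP().bitLength();
        return -1;
    }

    // Generate a key pair; keySize <= 0 means "do not call initialize()".
    static int generatedBits(String alg, Provider p, int keySize) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(alg, p);
        if (keySize > 0) kpg.initialize(keySize);
        return bits(kpg.generateKeyPair().getPublic());
    }

    public static void main(String[] args) {
        for (Provider p : Security.getProviders()) {
            for (String alg : new String[] {"RSA", "DSA", "DiffieHellman"}) {
                if (p.getService("KeyPairGenerator", alg) == null) continue;
                try {
                    int dflt = generatedBits(alg, p, -1);
                    String verdict = dflt >= MIN_BITS ? "ok" : "BELOW " + MIN_BITS;
                    System.out.printf("%-12s %-14s default=%d %s%n", p.getName(), alg, dflt, verdict);
                    if (dflt < MIN_BITS) {
                        // Mitigation: request the size explicitly instead of relying on the default.
                        int explicit = generatedBits(alg, p, MIN_BITS);
                        System.out.printf("%-12s %-14s explicit initialize(%d) -> %d%n",
                                p.getName(), alg, MIN_BITS, explicit);
                    }
                } catch (Exception e) {
                    System.out.printf("%-12s %-14s not usable: %s%n", p.getName(), alg, e);
                }
            }
        }
    }
}
```

Where the audit flags DSA, keep in mind the compatibility concern raised in the thread: applications still using SHA1withDSA may reject keys larger than 1024 bits.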