Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-6383200

PBE: need new algorithm support in password based encryption

    XMLWordPrintable

    Details

    • Subcomponent:
    • Resolved In Build:
      b65
    • CPU:
      x86
    • OS:
      windows_xp

      Backports

        Description

        A DESCRIPTION OF THE REQUEST :
        JavaTM Cryptography Extension (JCE) desparately needs updating with new algorithms for Password-Based Encryption (PBE)!

        I have source code which determines all of the available algorithms (ask me if you want a copy and I'll give it to you). The result when executed against JDK 1.5 for SecretKeyFactory (which is used for PBE) is the following list of algorithms:
        DES
        DESEDE
        PBE
        PBEWITHMD5ANDDES
        PBEWITHMD5ANDTRIPLEDES
        PBEWITHSHA1ANDDESEDE
        PBEWITHSHA1ANDRC2_40

        This is bad--all of those algorithms are getting pretty obsolete by now.

        MD5
        http://en.wikipedia.org/wiki/Md5
        and SHA1
        http://en.wikipedia.org/wiki/SHA_hash_functions
        are poor choices as digests, now that they have been cracked as mentioned in the links above; see also
        http://www.networkworld.com/news/2005/110105-nist-crypto.html

        You really need to offer the "SHA-2" varaiants of the SHA algorithm for use as digests with PBE. I would personally like to use SHA-512.

        As for the encryption algorithm choices currently offered, DES has been hopelessly insecure for years
        http://en.wikipedia.org/wiki/Data_Encryption_Standard
        while DESEDE/TRIPLEDES has mediocre security and is very slow.

        I would really like to see you offer AES, particularly AES-256 (256 bit keys), for use as an encryption algorithm with PBE.

        Just look at all the other people who have been requesting this on your forums for years now:
        http://forum.java.sun.com/thread.jspa?forumID=9&threadID=277910
        http://forum.java.sun.com/thread.jspa?forumID=9&threadID=542790
        http://forum.java.sun.com/thread.jspa?forumID=9&threadID=633953
        http://forum.java.sun.com/thread.jspa?forumID=9&threadID=458182
        !!!

        JUSTIFICATION :
        Current algorithms supported are vulnerable and/or slow.

        EXPECTED VERSUS ACTUAL BEHAVIOR :
        EXPECTED -
        Support modern algorithms.

        CUSTOMER SUBMITTED WORKAROUND :
        None. Cannot even goto Bouncy Castle for PBE with SHA-512 as the digest and AES-256 as the encryption algorithm.

          Attachments

            Issue Links

              Activity

                People

                Assignee:
                vinnie Vincent Ryan
                Reporter:
                jleesunw Jon Lee (Inactive)
                Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                  Dates

                  Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: