Details
-
Type:
Enhancement
-
Status: Resolved
-
Priority:
P3
-
Resolution: Fixed
-
Affects Version/s: None
-
Fix Version/s: 10
-
Component/s: security-libs
-
Labels:
-
Subcomponent:
-
Resolved In Build:b34
Description
The DSAKeyPairGenerator class description currently says the following:
"If no initialize method is called on a DSAKeyPairGenerator, the default is to generate 1024-bit keys, using precomputed p, q and g parameters and an instance of SecureRandom as the random bit source."
1024-bit keys are no longer recommended. Ideally, this default requirement should be removed and it should be implementation-specific as to what size keys are generated. Suggest changing this to:
"If no initialize method is called on a DSAKeyPairGenerator, the default is to generate keys of an implementation-specific size, using precomputed p, q and g parameters and an instance of SecureRandom as the random bit source. However, note that the default keysize may vary across different implementations and may change in a future version. Therefore, it is recommended to explicitly initialize the DSAKeyPairGenerator instead of relying on defaults."
"If no initialize method is called on a DSAKeyPairGenerator, the default is to generate 1024-bit keys, using precomputed p, q and g parameters and an instance of SecureRandom as the random bit source."
1024-bit keys are no longer recommended. Ideally, this default requirement should be removed and it should be implementation-specific as to what size keys are generated. Suggest changing this to:
"If no initialize method is called on a DSAKeyPairGenerator, the default is to generate keys of an implementation-specific size, using precomputed p, q and g parameters and an instance of SecureRandom as the random bit source. However, note that the default keysize may vary across different implementations and may change in a future version. Therefore, it is recommended to explicitly initialize the DSAKeyPairGenerator instead of relying on defaults."
Attachments
Issue Links
- csr for
-
JDK-8190569 Remove 1024-bit default requirement from javadoc of java.security.interfaces.DSAKeyPairGenerator
-
- Closed
-