JDK-6383200 : PBE: need new algorithm support in password based encryption

Details
Type:
Enhancement
Submit Date:
2006-02-08
Status:
Closed
Updated Date:
2014-06-06
Project Name:
JDK
Resolved Date:
2012-11-05
Component:
security-libs
OS:
windows_xp
Sub-Component:
javax.crypto
CPU:
x86
Priority:
P3
Resolution:
Fixed
Affected Versions:
5.0
Fixed Versions:

Related Reports
Relates:

Sub Tasks

Description
A DESCRIPTION OF THE REQUEST :
JavaTM Cryptography Extension (JCE) desperately needs updating with new algorithms for Password-Based Encryption (PBE)!

I have source code which determines all of the available algorithms (ask me if you want a copy and I'll give it to you).  The result when executed against JDK 1.5 for SecretKeyFactory (which is used for PBE) is the following list of algorithms:
	DES
	DESEDE
	PBE
	PBEWITHMD5ANDDES
	PBEWITHMD5ANDTRIPLEDES
	PBEWITHSHA1ANDDESEDE
	PBEWITHSHA1ANDRC2_40

This is bad--all of those algorithms are getting pretty obsolete by now.

MD5
	http://en.wikipedia.org/wiki/Md5
and SHA1
	http://en.wikipedia.org/wiki/SHA_hash_functions
are poor choices as digests, now that they have been cracked as mentioned in the links above; see also
	http://www.networkworld.com/news/2005/110105-nist-crypto.html

You really need to offer the "SHA-2" variants of the SHA algorithm for use as digests with PBE.  I would personally like to use SHA-512.

As for the encryption algorithm choices currently offered, DES has been hopelessly insecure for years
	http://en.wikipedia.org/wiki/Data_Encryption_Standard
while DESEDE/TRIPLEDES has mediocre security and is very slow.

I would really like to see you offer AES, particularly AES-256 (256 bit keys), for use as an encryption algorithm with PBE.

Just look at all the other people who have been requesting this on your forums for years now:
	http://forum.java.sun.com/thread.jspa?forumID=9&threadID=277910
	http://forum.java.sun.com/thread.jspa?forumID=9&threadID=542790
	http://forum.java.sun.com/thread.jspa?forumID=9&threadID=633953
	http://forum.java.sun.com/thread.jspa?forumID=9&threadID=458182
!!!

JUSTIFICATION :
Current algorithms supported are vulnerable and/or slow.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Support modern algorithms.

CUSTOMER SUBMITTED WORKAROUND :
None.  Cannot even go to Bouncy Castle for PBE with SHA-512 as the digest and AES-256 as the encryption algorithm.
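As an added example (not code from the bug report or from the JDK itself), the two things the reporter describes: the provider check that lists every PBE SecretKeyFactory algorithm the installed providers offer, followed by PBE with SHA-512 and AES-256 using the PKCS#5 v2.0 PBES2 scheme. It assumes a JDK 8 or later whose SunJCE provider registers the algorithm name PBEWithHmacSHA512AndAES_256; the password and plaintext are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;
import javax.crypto.*;
import javax.crypto.spec.*;

public class PbeCheck {
    // Assumed name, registered by SunJCE since JDK 8 (PBES2 from PKCS#5 v2.0:
    // HMAC-SHA-512 as the PBKDF2 PRF, AES-256 in CBC mode).
    static final String ALG = "PBEWithHmacSHA512AndAES_256";
    static final int ITERATIONS = 100_000;

    // The reporter's check: every PBE SecretKeyFactory the installed providers offer.
    static TreeSet<String> pbeAlgorithms() {
        TreeSet<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SecretKeyFactory".equals(s.getType())
                        && s.getAlgorithm().toUpperCase().startsWith("PBE")) {
                    names.add(s.getAlgorithm());
                }
            }
        }
        return names;
    }

    // Salt and iteration count travel in the PBEParameterSpec; the key holds only the password.
    static byte[] pbe(int mode, char[] password, byte[] salt, byte[] iv, byte[] data)
            throws Exception {
        SecretKey key = SecretKeyFactory.getInstance(ALG).generateSecret(new PBEKeySpec(password));
        Cipher c = Cipher.getInstance(ALG);
        c.init(mode, key, new PBEParameterSpec(salt, ITERATIONS, new IvParameterSpec(iv)));
        return c.doFinal(data);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("PBE SecretKeyFactory algorithms: " + pbeAlgorithms());
        SecureRandom rnd = new SecureRandom();
        byte[] salt = new byte[16], iv = new byte[16];      // fresh random values per message
        rnd.nextBytes(salt);
        rnd.nextBytes(iv);
        char[] pw = "constructed-example-password".toCharArray();   // constructed sample input
        byte[] plain = "constructed sample text".getBytes(StandardCharsets.UTF_8);
        byte[] ct = pbe(Cipher.ENCRYPT_MODE, pw, salt, iv, plain);
        byte[] back = pbe(Cipher.DECRYPT_MODE, pw, salt, iv, ct);
        Arrays.fill(pw, '\0');                               // scrub the password after use
        System.out.println("round trip ok: " + Arrays.equals(plain, back));
    }
}
```

CBC output carries no integrity check, so in practice a MAC over salt, IV and ciphertext still has to be added and verified before decrypting.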


Comments
EVALUATION

Too late for mustang, may try to address in dolphin.
2006-02-09
EVALUATION

Aside from the AES thread generated in the webbugs, a separate thread of email also talks about possibly needing additional PBE algorithms.  Solaris is merging some OpenSSL code, and will have support for several additional algorithms.  A Sun project was asking if we would have support for some of these algorithms as well, in regards to how they plan to support PKCS12 keystore types.

   PKCS#12 defines following PBE algorithms
   a) pbeWithSHAAnd128BitRC4
   b) pbeWithSHAAnd40BitRC4
   c) pbeWithSHAAnd3-KeyTripleDES-CBC
   d) pbeWithSHAAnd2-KeyTripleDES-CBC
   e) pbeWithSHAAnd128BitRC2-CBC
   f) pbeWithSHAAnd40BitRC2-CBC

   We support (c) and (f) only.

The project plans to stick with f) for now.

And...Encryption algorithm for PKCS#8 EncryptedPrivateKeyInfo
   Algorithm OID 1.2.840.113549.1.5.13
 
  As defined in PKCS #5 v2.0
  PBES2Algorithms ALGORITHM-IDENTIFIER ::=
  { {PBES2-params IDENTIFIED BY id-PBES2}, ...}
  id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
2006-03-03
URL:   http://hg.openjdk.java.net/jdk8/tl/jdk/rev/519f4c9ebf8d
User:  vinnie
Date:  2012-11-05 20:21:38 +0000

2012-11-05
Marking this as verified based on the test dev status of the Test Plan
2013-07-10