JDK-6383200 : PBE: need new algorithm support in password based encryption
  • Type: Enhancement
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Affected Version: 5.0
  • Priority: P3
  • Status: Closed
  • Resolution: Fixed
  • OS: windows_xp
  • CPU: x86
  • Submitted: 2006-02-08
  • Updated: 2021-06-23
  • Resolved: 2018-09-12
Version table (release in which this issue/RFE is fixed):
	JDK 7: 7u211 (Fixed)
	JDK 8: 8 b65 (Fixed)
	Other: openjdk7u (Fixed)
Description
A DESCRIPTION OF THE REQUEST :
JavaTM Cryptography Extension (JCE) desperately needs updating with new algorithms for Password-Based Encryption (PBE)!

I have source code which determines all of the available algorithms (ask me if you want a copy and I'll give it to you).  The result when executed against JDK 1.5 for SecretKeyFactory (which is used for PBE) is the following list of algorithms:
	DES
	DESEDE
	PBE
	PBEWITHMD5ANDDES
	PBEWITHMD5ANDTRIPLEDES
	PBEWITHSHA1ANDDESEDE
	PBEWITHSHA1ANDRC2_40

This is bad--all of those algorithms are getting pretty obsolete by now.

MD5
	http://en.wikipedia.org/wiki/Md5
and SHA1
	http://en.wikipedia.org/wiki/SHA_hash_functions
are poor choices as digests, now that they have been cracked as mentioned in the links above; see also
	http://www.networkworld.com/news/2005/110105-nist-crypto.html

You really need to offer the "SHA-2" variants of the SHA algorithm for use as digests with PBE.  I would personally like to use SHA-512.

As for the encryption algorithm choices currently offered, DES has been hopelessly insecure for years
	http://en.wikipedia.org/wiki/Data_Encryption_Standard
while DESEDE/TRIPLEDES has mediocre security and is very slow.

I would really like to see you offer AES, particularly AES-256 (256 bit keys), for use as an encryption algorithm with PBE.

Just look at all the other people who have been requesting this on your forums for years now:
	http://forum.java.sun.com/thread.jspa?forumID=9&threadID=277910
	http://forum.java.sun.com/thread.jspa?forumID=9&threadID=542790
	http://forum.java.sun.com/thread.jspa?forumID=9&threadID=633953
	http://forum.java.sun.com/thread.jspa?forumID=9&threadID=458182
!!!

JUSTIFICATION :
Current algorithms supported are vulnerable and/or slow.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Support modern algorithms.

CUSTOMER SUBMITTED WORKAROUND :
None.  Cannot even go to Bouncy Castle for PBE with SHA-512 as the digest and AES-256 as the encryption algorithm.
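An added example (not code from the report or from the JDK) of the two things the request touches on: the SecretKeyFactory inventory the submitter describes running, and password-based encryption with a SHA-512 digest and a 256-bit AES key. It assumes JDK 8 or later, where SunJCE registers PBKDF2WithHmacSHA512, and pairs that derivation with AES/GCM rather than a single PBE cipher name; the password, salt and IV are constructed sample values.

```java
import java.nio.charset.StandardCharsets;
import java.security.Provider;
import java.security.SecureRandom;
import java.security.Security;
import java.util.TreeSet;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class PbeSha512Aes256 {
    // Same inventory the submitter ran against JDK 1.5: every SecretKeyFactory
    // algorithm registered by the installed providers, upper-cased and sorted.
    static TreeSet<String> secretKeyFactoryAlgorithms() {
        TreeSet<String> names = new TreeSet<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("SecretKeyFactory".equals(s.getType())) {
                    names.add(s.getAlgorithm().toUpperCase());
                }
            }
        }
        return names;
    }

    // Derive a 256-bit AES key from the password with PBKDF2-HMAC-SHA-512
    // (SunJCE, JDK 8+), then encrypt with AES-256 in GCM mode. Salt and IV are
    // caller-supplied so they can be stored next to the ciphertext.
    static byte[] encrypt(char[] password, byte[] salt, byte[] iv, byte[] plaintext) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, 210_000, 256);
        SecretKeyFactory skf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA512");
        byte[] keyBytes = skf.generateSecret(spec).getEncoded();
        spec.clearPassword();                          // stop holding the password
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(keyBytes, "AES"),
                 new GCMParameterSpec(128, iv));       // 128-bit authentication tag
        return aes.doFinal(plaintext);
    }

    public static void main(String[] args) throws Exception {
        System.out.println(secretKeyFactoryAlgorithms());
        SecureRandom rnd = new SecureRandom();
        byte[] salt = new byte[16], iv = new byte[12];  // fresh random values per message
        rnd.nextBytes(salt); rnd.nextBytes(iv);
        byte[] ct = encrypt("constructed-sample-password".toCharArray(), salt, iv,
                            "hello".getBytes(StandardCharsets.UTF_8));
        System.out.println(ct.length + " bytes = 5 plaintext + 16 GCM tag");
    }
}
```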

Comments
Marking this as verified based on the test dev status of the Test Plan
10-07-2013

EVALUATION Aside from the AES thread generated in the webbugs, from a separate thread of email, which also talks about possibly needing additional PBE algorithms.

Solaris is merging some OpenSSL code, and will have support for several additional algorithms. A Sun project was asking if we would have support for some of these algorithms as well, in regards to how they plan to support PKCS12 keystore types.

PKCS#12 defines the following PBE algorithms:
	a) pbeWithSHAAnd128BitRC4
	b) pbeWithSHAAnd40BitRC4
	c) pbeWithSHAAnd3-KeyTripleDES-CBC
	d) pbeWithSHAAnd2-KeyTripleDES-CBC
	e) pbeWithSHAAnd128BitRC2-CBC
	f) pbewithSHAAnd40BitRC2-CBC

We support (c) and (f) only. The project plans to stick with f) for now.

And... Encryption algorithm for PKCS#8 EncryptedPrivateKeyInfo, Algorithm OID 1.2.840.113549.1.5.13, as defined in PKCS #5 v2.0:
	PBES2Algorithms ALGORITHM-IDENTIFIER ::= {
	    {PBES2-params IDENTIFIED BY id-PBES2}, ...}
	id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}
03-03-2006

EVALUATION Too late for mustang, may try to address in dolphin.
09-02-2006