Bug ID: JDK-6383200 PBE: need new algorithm support in password based encryption

Versions (Unresolved/Resolved/Fixed)

The Version table provides details related to the release that this issue/RFE will be addressed.

Unresolved : Release in which this issue/RFE will be addressed.
Resolved: Release in which this issue/RFE has been resolved.
Fixed : Release in which this issue/RFE has been fixed. The release containing this fix may be available for download as an Early Access Release or a General Availability Release.

To download the current JDK release, click here.

JDK 7	JDK 8	Other
7u211Fixed	8 b65Fixed	openjdk7uFixed

A DESCRIPTION OF THE REQUEST :
JavaTM Cryptography Extension (JCE) desparately needs updating with new algorithms for Password-Based Encryption (PBE)!

I have source code which determines all of the available algorithms (ask me if you want a copy and I'll give it to you). The result when executed against JDK 1.5 for SecretKeyFactory (which is used for PBE) is the following list of algorithms:
DES
DESEDE
PBE
PBEWITHMD5ANDDES
PBEWITHMD5ANDTRIPLEDES
PBEWITHSHA1ANDDESEDE
PBEWITHSHA1ANDRC2_40

This is bad--all of those algorithms are getting pretty obsolete by now.

MD5
http://en.wikipedia.org/wiki/Md5
and SHA1
http://en.wikipedia.org/wiki/SHA_hash_functions
are poor choices as digests, now that they have been cracked as mentioned in the links above; see also
http://www.networkworld.com/news/2005/110105-nist-crypto.html

You really need to offer the "SHA-2" varaiants of the SHA algorithm for use as digests with PBE. I would personally like to use SHA-512.

As for the encryption algorithm choices currently offered, DES has been hopelessly insecure for years
http://en.wikipedia.org/wiki/Data_Encryption_Standard
while DESEDE/TRIPLEDES has mediocre security and is very slow.

I would really like to see you offer AES, particularly AES-256 (256 bit keys), for use as an encryption algorithm with PBE.

Just look at all the other people who have been requesting this on your forums for years now:
http://forum.java.sun.com/thread.jspa?forumID=9&threadID=277910
http://forum.java.sun.com/thread.jspa?forumID=9&threadID=542790
http://forum.java.sun.com/thread.jspa?forumID=9&threadID=633953
http://forum.java.sun.com/thread.jspa?forumID=9&threadID=458182
!!!

JUSTIFICATION :
Current algorithms supported are vulnerable and/or slow.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
Support modern algorithms.

CUSTOMER SUBMITTED WORKAROUND :
None. Cannot even goto Bouncy Castle for PBE with SHA-512 as the digest and AES-256 as the encryption algorithm.

Marking this as verified based on the test dev status of the Test Plan

10-07-2013

EVALUATION Aside from the AES thread generated in the webbugs, from a separate thread of email, which also talks about possibly needing additional PBE algorithms. Solaris is merging some OpenSSL code, and will have support for several additional algorithms. A Sun project was asking if we would have support for some of these algorithms as well, in regards to how they plan to support PKCS12 keystore types. PKCS#12 defines following PBE algorithms a) pbeWithSHAAnd128BitRC4 b) pbeWithSHAAnd40BitRC4 c) pbeWithSHAAnd3-KeyTripleDES-CBC d) pbeWithSHAAnd2-KeyTripleDES-CBC e) pbeWithSHAAnd128BitRC2-CBC f) pbewithSHAAnd40BitRC2-CBC We support (c) and (f) only. The project plans to stick with f) for now. And...Encryption algorithm for PKCS#8 EncryptedPrivateKeyInfo Algorithm OID 1.2.840.113549.1.5.13 As defined in PKCS #5 v2.0 PBES2Algorithms ALGORITHM-IDENTIFIER ::= { {PBES2-params IDENTIFIED BY id-PBES2}, ...} id-PBES2 OBJECT IDENTIFIER ::= {pkcs-5 13}

03-03-2006

EVALUATION Too late for mustang, may try to address in dolphin.

09-02-2006

Relates :	JDK-8269216 - Useless initialization in com/sun/crypto/provider/PBES2Parameters.java
Relates :	JDK-8046111 - JEP 121: Stronger Algorithms for Password-Based Encryption
Relates :	JDK-8180710 - PBKDF2 SecretKeyFactory and PBES2 Cipher algorithms