I don't know of anything like that. As Michael points out, key Lengths
by themselves are not always a good indicator of relative stength.
BTW, JSSE hard-codes the choices.
Brad
On 10/23/2011 6:52 PM, Weijun Wang wrote:
Hi Andrew
I need a method
boolean isWeakerThan(String a1, String a2)
I don't think we have similar methods.
I was wondering, sometimes, we may not be able to compare the strength
of two hash functions strictly. There are different "attacks" on
different hash functions. One hash function maybe safe to one attack
method but may be weak for another attack method.
In
Assuming that a1 and a2 both refer to MessageDigest implementations, then you
could simply compare MessageDigest.getInstance(a1).getDigestLength(). It
won't give you an absolute - MD5 for example is weaker than its bit length
would lead you to believe.
Also, getDigestLength() can return 0 to
Hi Andrew
I need a method
boolean isWeakerThan(String a1, String a2)
so that isWeakerThan("MD5", "SHA1") returns true and
isWeakerThan("SHA-256", "SHA1") returns false. I know you have done a
lot of constraints works in JDK 7. Do you have an existing one?
Otherwise, I plan to manually assi
Hi Chris,
On 22/10/2011 1:43 AM, Chris Hegarty wrote:
All of the security native libraries have runtime dependencies on
libjava and libjvm, most of which are completely unnecessary. This CR
proposes to remove these dependencies and provide localized versions of
the trivial utility functions that
