On 12/20/10 7:29 AM, Florian Weimer wrote:
> * Sean Mullan:
>
>>> Oh, and I just realized that MD5 and HmacMD5 are missing.  These
>>> algorithms are still heavily used (and HmacMD5 is not really broken,
>>> it's only guilty by association).
>>
>> Yes, MD5 is still in use, but I think it is decreasing in use
>> significantly. Can you give more rationale, for example data that
>> would suggest that not making these algorithms a requirement would
>> affect a significant number of Java applications or where
>> SHA-1/HmacSHA1 would not be an adequate alternative?
>
> I think it's used internally in TLS until TLS 1.2 (as noted by
> others).
>
> There are also many applications which use MD5 as some sort of content
> descriptor.  For instance, the AV industry uses MD5 for identifying
> malware samples.  (It's not cryptographically strong, but it's
> certainly better than W32/Backdoor.QCT.gen.)

I've added MD5 and HmacMD5 to the latest revision at: http://cr.openjdk.java.net/~mullan/5001004/review.01/StandardNames.html#impl

>> TLS_RSA_WITH_AES_128_CBC_SHA is not listed because we did not specify
>> that TLS 1.1 or TLS 1.2 should be requirements. TLS 1.1 and 1.2 are
>> new features of JDK 7 and AFAIU are not as widely used as TLS 1.0 yet.
>
> Support for all the primitives in TLS_RSA_WITH_AES_128_CBC_SHA is
> already required, so I would be surprised if any implementation
> actually omitted this, given the performance improvement over 3DES.
> So why not mandate it outright?

We are trying to be conservative with this initial list of required algorithms, recognizing that it will grow over time. If we add TLS_RSA_WITH_AES_128_CBC_SHA to the list (which is a TLS 1.2 mandatory cipher suite), then someone may argue why we didn't also add TLS_RSA_WITH_3DES_EDE_CBC_SHA (which is a TLS 1.1 mandatory cipher suite). My preference would be to not add these to the list until we add TLS 1.1/1.2 to the required list (probably in JDK 8).

--Sean
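As an added example (not code from this thread or from OpenJDK), a small Java program that probes the algorithm and cipher-suite names discussed above against the running JRE's providers instead of assuming the required list is met. The digest, Mac and suite names are the ones named in the thread; the TLS check uses the default SSLContext's supported parameters, and the class and method names are my own.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Mac;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/** Probes the names discussed in the thread against the running JRE's providers (added example). */
public class RequiredAlgorithmCheck {
    // Digest names from the thread: MD5 (the contested addition) and SHA-1 (the suggested alternative).
    static final String[] DIGESTS = {"MD5", "SHA-1"};
    // Mac names from the thread.
    static final String[] MACS = {"HmacMD5", "HmacSHA1"};
    // The suite Florian asked to mandate, and the 3DES suite Sean raised alongside it.
    static final String[] SUITES = {"TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"};
    static final String[] PROTOCOLS = {"TLSv1", "TLSv1.1", "TLSv1.2"};

    /** Returns name -> available for each digest and Mac, by asking the providers rather than assuming. */
    static Map<String, Boolean> probePrimitives() {
        Map<String, Boolean> result = new LinkedHashMap<String, Boolean>();
        for (String name : DIGESTS) {
            try { MessageDigest.getInstance(name); result.put(name, true); }
            catch (NoSuchAlgorithmException e) { result.put(name, false); }
        }
        for (String name : MACS) {
            try { Mac.getInstance(name); result.put(name, true); }
            catch (NoSuchAlgorithmException e) { result.put(name, false); }
        }
        return result;
    }

    /** Returns suite/protocol -> supported, from the default SSLContext's supported parameters. */
    static Map<String, Boolean> probeTls() throws NoSuchAlgorithmException {
        SSLParameters params = SSLContext.getDefault().getSupportedSSLParameters();
        Map<String, Boolean> result = new LinkedHashMap<String, Boolean>();
        for (String suite : SUITES) {
            result.put(suite, Arrays.asList(params.getCipherSuites()).contains(suite));
        }
        for (String proto : PROTOCOLS) {
            result.put(proto, Arrays.asList(params.getProtocols()).contains(proto));
        }
        return result;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        for (Map.Entry<String, Boolean> e : probePrimitives().entrySet()) System.out.println(e.getKey() + ": " + e.getValue());
        for (Map.Entry<String, Boolean> e : probeTls().entrySet()) System.out.println(e.getKey() + ": " + e.getValue());
    }
}
```

A name reported as false is exactly the case the thread is about: an application relying on it would fail on that JRE unless the name is on the required list or the application checks before use.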
