On Fri, 18 Jul 2025 16:37:25 GMT, Sean Mullan <mul...@openjdk.org> wrote:
> The Security Algorithm Implementation Requirements will be updated as follows: > > The following algorithms will be removed from the list of required algorithms > as they are no longer recommended, and should not be in wide usage anymore: > > AlgorithmParameters: DESede > Cipher: > DESede/CBC/NoPadding > DESede/CBC/PKCS5Padding > DESede/ECB/NoPadding > DESede/ECB/PKCS5Padding > RSA/ECB/PKCS1Padding > KeyGenerator: DESede > SecretKeyFactory: DESede > > The following PBES2 algorithms will be added as new requirements. These are > modern password-based encryption, mac and key derivation algorithms defined > in PKCS #5 version 2.1 ([RFC 8018](https://www.rfc-editor.org/rfc/rfc8018)): > > AlgorithmParameters: > PBEWithHmacSHA256AndAES_128 > PBEWithHmacSHA256AndAES_256 > Cipher: > PBEWithHmacSHA256AndAES_128 > PBEWithHmacSHA256AndAES_256 > Mac: > PBEWithHmacSHA256 > SecretKeyFactory: > PBEWithHmacSHA256AndAES_128 > PBEWithHmacSHA256AndAES_256 > PBKDF2WithHmacSHA256 Marked as reviewed by hchao (Reviewer). Changes look good. ------------- PR Review: https://git.openjdk.org/jdk/pull/26392#pullrequestreview-3035030281 PR Comment: https://git.openjdk.org/jdk/pull/26392#issuecomment-3091328062
