[Ach] AppliedCryptoHardening: Java 7 DH-parameterlength limitation(1024bit)
Jan Hill
jan at jan-hill.com
Fri Jan 3 22:05:34 CET 2014
Hello,
first of all thank you for:
"AppliedCryptoHardening" :-)
In the paper I found this (page 52):
"We could not verify yet if installing JCE also fixes the Java7
DH-parameterlength limitation(1024bit). TODO:do that!"
In my opinion there is a limitation to 1024 also with the strong
encryption jars:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html
There ar some open issues in the tracker, but I can't send a link, looks
like the Bugtracker is down :(
In Java 8 is a bugfix up to 2048, I think this was included from b56 or
b58. I can't send a link, looks like the Bugtracker is down :(
http://download.java.net/jdk8/docs/technotes/guides/security/enhancements-8.html
Cheers
Jan
More information about the Ach
mailing list