From: <gel...@mx...> - 2003-02-07 14:57:48
gelderen 03/02/07 10:05:25 Modified: jce/doc README.TXT Log: Various fixes. Revision Changes Path 1.9 +24 -9 projects/jce/doc/README.TXT Index: README.TXT =================================================================== RCS file: /home/cryptix-cvs/cvsroot/projects/jce/doc/README.TXT,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- README.TXT 3 Feb 2003 10:47:11 -0000 1.8 +++ README.TXT 7 Feb 2003 15:05:25 -0000 1.9 @@ -20,8 +20,14 @@ Digital Signatures: - RSASSA-PSS (with MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-1, SHA-256, - SHA-384, SHA-512 or Tiger) + RSASSA-PSS (with choice of MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-1, + SHA-256, SHA-384, SHA-512 or Tiger hash algorithms) + + NOTE: The hash function you choose when you instantiate RSASSA-PSS is used + for both message hashing and for the Mask Generation Function (MGF1). + It is presently not possible to use one hash function for message + hashing and another for MGF1. + RSASSA-PKCS1 (with MD4, MD5, RIPEMD-128, RIPEMD-160 or SHA-1) Hash Functions: @@ -40,7 +46,9 @@ Public Key Crypto: - RSASSA-OAEP + RSASSA-OAEP (with choice of MD2, MD4, MD5, RIPEMD-128, RIPEMD-160, SHA-1, + SHA-256, SHA-384, SHA-512 or Tiger hash algorithms) + RSASSA-PKCS1 Secure Random Numbers (RNG) @@ -48,6 +56,10 @@ On UNIX systems with the CryptixRandom provider installed, SecureRandom makes use of the system RNG (/dev/random) if present. This is essential because the RNG built into the JVM is slow and possibly not as secure. + + Note that Apple got it right on their port of the 1.3 JVM on OS X. The Apple + port uses /dev/random by default. This functionality can be managed by + changing the securerandom.source property in the java.security file. Symmetric Ciphers: @@ -68,7 +80,7 @@ RC4 yes n/a RC6 NO 128/192/256 128 Rijndael yes 128/192/256 128 Now known as AES - SKIPJACK yes 80 64 + SKIPJACK yes 80 64 Formerly classified. Serpent yes 128/192/256 128 Very high security margin Square yes TripleDES yes 168 64 
@@ -80,9 +92,8 @@ Various companies hold various patents for various algorithms in various locations around the world. _YOU_ are responsible for ensuring that your use -of any algorithms is legal by checking if there are any patents in your -country. The file contains some of the patents that we know about or are -rumoured to exist. This is not a definitive list. +of any algorithms is legal by checking if there exist any patents enforcable +in your jurisdiction. The following it a partial list: RSA Security holds software patents on the RC5 algorithm. If you intend to use this cipher, you must contact RSA Security for @@ -106,12 +117,16 @@ JDK 1.4 (Java 2 version 1.4) Cryptix JCE works out-of-the-box on JDK 1.4 but its functionality is - restricted to the what Sun allows trough their Jurisdiction Policy Files. + restricted to what Sun allows trough their Jurisdiction Policy Files. + In practice this means that you are limited to what the French government + allows in terms of key sizes. Why Sun forces the French policy on the + rest of the world, and especially the USA, is an open question. If you require using Cryptix without any restrictions whatsoever, you must have the "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" installed. At the time of writing they can be - found at: http://java.sun.com/j2se/1.4/ . + found at: http://java.sun.com/j2se/1.4/ . Installing these is non-trivial + for casual users. JDK 1.2 and JDK 1.3 (Java 2 version 1.2/1.3) |
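
Review bot: The new NOTE in the @@ -20,8 +20,14 @@ hunk says the hash is chosen "when you instantiate RSASSA-PSS" but never shows what the caller passes to select it, so a reader cannot tell how to ask for SHA-256 rather than SHA-1. Add one example of the algorithm name string to the NOTE. Because the same hash now also drives MGF1, it would help to mark MD2, MD4 and MD5 in the list as legacy choices instead of listing them on equal footing with SHA-256 and up.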
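
Review bot: "RSASSA-OAEP" on the changed line of the @@ -40,7 +46,9 @@ hunk mixes two PKCS #1 names: RSASSA is the prefix of the signature schemes, while OAEP is an encryption scheme (RSAES-OAEP). Since the line is being rewritten anyway and sits under "Public Key Crypto", rename it, and the "RSASSA-PKCS1" context line below it, to the RSAES forms, or state that these are the literal names the provider registers. The entry should also say whether MGF1 follows the chosen hash here, as the PSS NOTE in the first hunk does for signatures.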
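
Review bot: In the @@ -48,6 +56,10 @@ hunk, the last added sentence ("This functionality can be managed by changing the securerandom.source property") does not say whether it applies only to the Apple port or to any JVM, and "This functionality" has no clear referent. Reword it to name what the property controls, and give one sample value for securerandom.source so the reader knows the expected format. "Apple got it right" is commentary; a README reads better with the plain fact that the Apple port uses /dev/random by default.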
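
Review bot: The remark added to the SKIPJACK row in the @@ -68,7 +80,7 @@ hunk ("Formerly classified.") is history and does not help a reader choose a cipher, unlike the Serpent remark next to it. The same row shows an 80-bit key against 128/192/256 for its neighbours; if the column is meant as guidance, note the short key there. The Square context row still has empty key and block size columns.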
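
Review bot: Two typos on the added lines of the @@ -80,9 +92,8 @@ hunk: "enforcable" should be "enforceable" and "The following it a partial list" should read "The following is a partial list". The removed text made clear that some entries were only rumoured to exist; "partial list" drops that caveat, so consider keeping a word on how reliable the entries are.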
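
Review bot: The rewritten line in the @@ -106,12 +117,16 @@ hunk fixes "the what" but still carries "trough" for "through". The added sentences about the French government state a cause without a source and end in a rhetorical question; the README would serve users better by stating the actual key size limits that apply without the unlimited strength files. "Installing these is non-trivial for casual users" flags a problem without solving it: list the install steps, or at least name the directory the policy files go into, and link to the download page itself instead of http://java.sun.com/j2se/1.4/ .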