So that needs to be replaced. We will need a try/catch for opening a file where we try to open with SHA-2 and fallback to SHA-1 and the save will need to always be SHA-2
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I write down the code to colse this bug using the instance of PBKDF2WithHmacSHA512.
But I got an error, SecretKeyFactory.getInstance(“PBKDF2WithHmacSHA512”) throws NoSuchAlgorithmException.
After some Internet reading I understand that it is a problem of OpenJDK that implements only SHA-1.
Is it correct ?
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Haha! "Better late than never" is right. :) That thread is 2 years old! Talk about cleaning up old emails. :)
BTW --- Mark, I like the house renovations you've been doing. Time to do some SDM renovations. I haven't coded in Java for a long time! For fun, I was doing Javascript/Node.js but now mainly C# with Unity.
I hope you and Mirko are doing well!
On Thursday, September 26, 2019, 09:16:43 AM PDT, mark tomlinson marktoml@users.sourceforge.net wrote:
Better late than never -- yes that was the limitation.
Yes, a quick review shows we are currently using SHA-1:
private Key buildKey(char[] password) throws InvalidKeySpecException, NoSuchAlgorithmException {
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
KeySpec keySpec = new PBEKeySpec(password, salt, pswdIterations, keySize);
SecretKey secretKey = secretKeyFactory.generateSecret(keySpec);
Key key = new SecretKeySpec(secretKey.getEncoded(), "AES");
return key;
}
So that needs to be replaced. We will need a try/catch for opening a file where we try to open with SHA-2 and fallback to SHA-1 and the save will need to always be SHA-2
Hi Mark,
I write down the code to colse this bug using the instance of PBKDF2WithHmacSHA512.
But I got an error, SecretKeyFactory.getInstance(“PBKDF2WithHmacSHA512”) throws NoSuchAlgorithmException.
After some Internet reading I understand that it is a problem of OpenJDK that implements only SHA-1.
Is it correct ?
Better late than never -- yes that was the limitation.
Haha! "Better late than never" is right. :) That thread is 2 years old! Talk about cleaning up old emails. :)
BTW --- Mark, I like the house renovations you've been doing. Time to do some SDM renovations. I haven't coded in Java for a long time! For fun, I was doing Javascript/Node.js but now mainly C# with Unity.
I hope you and Mirko are doing well!
On Thursday, September 26, 2019, 09:16:43 AM PDT, mark tomlinson marktoml@users.sourceforge.net wrote:
Better late than never -- yes that was the limitation.
[bugs:#29] Insure SHA-1 is removed
Status: open
Group: 2.3
Created: Wed Jan 27, 2016 05:23 PM UTC by mark tomlinson
Last Updated: Fri Feb 26, 2016 02:23 PM UTC
Owner: Mirko
Need to be fully migrated to SHA-2 and off of SHA-1. A migration should be invisible to the user.
Sent from sourceforge.net because you indicated interest in https://sourceforge.net/p/sdm/bugs/29/
To unsubscribe from further messages, please visit https://sourceforge.net/auth/subscriptions/
Related
Bugs: #29