2016/4/8 9:52:56 -0700, anthony.vanelverdin...@gmail.com: > I don't mind if decryption support is added for the "Traditional > Encryption". However, I believe it would be wrong to introduce > encryption support for a known-to-be-broken encryption method in the > JDK. Using the argument of "it's good enough for our case", I could also > argue that Base64 qualifies as an encryption method, or that SSLv2 is an > appropriate choice to secure network connections.
I have to agree. I don't think it makes sense to add a known-vulnerable encryption algorithm to the JDK. It might work perfectly well for one use case but it will eventually be used by someone who doesn't take the time to understand it, assumes that it provides strong encryption when it doesn't, gets burned, and then blames Java. - Mark
