On 12/16/10 1:26 PM, Sean Mullan wrote:
On 12/15/10 10:38 AM, Florian Weimer wrote:
Oh, and I just realized that MD5 and HmacMD5 are missing. These
algorithms are still heavily used (and HmacMD5 is not really broken,
it's only guilty by association).
Yes, MD5 is still in use, but I think it is decreasing in use significantly. Can
you give more rationale, for example data that would suggest that not making
these algorithms a requirement would affect a significant number of Java
applications or where SHA-1/HmacSHA1 would not be an adequate alternative?
Also, just FYI but we have no plans to remove support for MD5 and HmacMD5 from
OpenJDK.
It was pointed out to me that TLS 1.0 requires MD5 and HmacMD5. Since we have
listed TLS 1.0 as a requirement, then those should really be added to the
required algorithms list. So, I've added those to the list and posted a new
version at:
http://cr.openjdk.java.net/~mullan/5001004/review.01/StandardNames.html#impl
--Sean
