On 11/1/18 11:27 AM, Xuelei Fan wrote:
What do you think if adding a note that the default value may be
different for each provider, and may be changed from time to time with
the development of crypto analysis?
I didn't want to get too wordy, just to make a concise point that
defaults can be problematic and are not recommended. My preference would
be to put more wording like that in the security guides.
--Sean
Xuelei
On 11/1/2018 7:57 AM, Sean Mullan wrote:
Please review this javadoc-only change to the Cipher class. An
@apiNote has been added to each of the getInstance methods to
recommend that the full transformation be specified when creating a
Cipher and to avoid relying on the defaults. Also a link to the
defaults used by the JDK providers has been added as an @implNote.
webrev: http://cr.openjdk.java.net/~mullan/webrevs/8212669/webrev.00/
bug: https://bugs.openjdk.java.net/browse/JDK-8212669
Thanks,
Sean
