On Thu, 1 Oct 2020 20:02:34 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> Default algorithms are bumped to be based on PBES2 with AES-256 and SHA-256. > Please also review the CSR at > https://bugs.openjdk.java.net/browse/JDK-8228481. TBD: We bumped iteration counts for PBE and HMAC to 50000 and 100000 when we were using weak algorithms. Now that the algorithms are strong, we can consider lower them. Currently, openssl 3.0.0 uses 2048 and Windows Server 2019 uses 2000. ------------- PR: https://git.openjdk.java.net/jdk/pull/473
