Password Based Encryption with PBEWithMD5AndTripleDES issue

Possible Triple DES issue? I have successfully used the following code snippet in jdk 1.4.2x and 1.5.x, but it no longer works in java6 ( jdk 1.6 ). It will fail when the Cipher is initialized, throws Exception text "Illegal key size". It will work if you switch the algorithm to "PBEWithMD5AndDES" though.

Does anyone have any ideas?

I could not find anything in the documentation, to explain the change.

SecretKey key = SecretKeyFactory.getInstance(
    "PBEWithMD5AndTripleDES" ).generateSecret( keySpec );
cipher = Cipher.getInstance( key.getAlgorithm() );
/* cipher.init( mode, key, paramSpec ); */  // Fails here: Illegal key size

Thanks, lanzir

[800 byte] By [lanzir-hhcaa] at [2007-11-26 16:19:30]
# 1
Using SunJCE provider PBEWithMD5AndTripleDES works for me in 1.5 and 1.6 !
sabre150a at 2007-7-8 22:42:54
# 2

Thank you for the response.

Could you compile the following code and run it? Or if you can see any issues with the code, any help would be appreciated.

I still cannot run the following on 1.6.

import javax.crypto.*;
import javax.crypto.spec.*;
import java.security.spec.*;

/**
 * Test Triple DES
 */
public class DesCoder {

    public String initCipher() {
        String result = "";
        String passPhrase = "test";
        try {
            // 8-byte Salt
            byte[] salt = {
                (byte)0xA9, (byte)0x9B, (byte)0xC8, (byte)0x32,
                (byte)0x56, (byte)0x35, (byte)0xE3, (byte)0x03
            };
            int iterationCount = 19;
            KeySpec keySpec =
                new PBEKeySpec( passPhrase.toCharArray(), salt, iterationCount );
            /*
            SecretKey key = SecretKeyFactory.getInstance(
                "PBEWithMD5AndDES" ).generateSecret( keySpec );
            */
            SecretKey key = SecretKeyFactory.getInstance(
                "PBEWithMD5AndTripleDES" ).generateSecret( keySpec );
            Cipher cipher = Cipher.getInstance( key.getAlgorithm() );
            AlgorithmParameterSpec paramSpec =
                new PBEParameterSpec( salt, iterationCount );
            // Initialize the ciphers
            cipher.init( Cipher.ENCRYPT_MODE, key, paramSpec );
            result = "All is well";
        }
        catch ( java.security.InvalidAlgorithmParameterException e ) {
            result = e.getMessage();
        }
        catch ( java.security.spec.InvalidKeySpecException e ) {
            result = e.getMessage();
        }
        catch ( javax.crypto.NoSuchPaddingException e ) {
            result = e.getMessage();
        }
        catch ( java.security.NoSuchAlgorithmException e ) {
            result = e.getMessage();
        }
        catch ( java.security.InvalidKeyException e ) {
            result = e.getMessage();
        }
        catch ( Exception e ) {
            result = e.getMessage();
        }
        return result;
    }

    public static void main( String[] args ) {
        System.out.println( new DesCoder().initCipher() );
    }
}

Thanks again, lanzir

lanzir-hhcaa at 2007-7-8 22:42:54
# 3
Modifying the main() to

System.out.println(System.getProperty("java.vm.version"));
System.out.println( new DesCoder().initCipher() );

gives

1.6.0-b105
All is well

Running on Linux FC5.
sabre150a at 2007-7-8 22:42:54
# 4
I get:

1.6.0-b105
Illegal key size

Running on "Windows XP Pro SP2"

I have an old Debian box around somewhere, I'll try it there. Unfortunately, a version of this code runs on the client side. And most if not all are Windows boxes.

Thanks, lanzir
lanzir-hhcaa at 2007-7-8 22:42:54
# 5
> I get:
>
> 1.6.0-b105
> Illegal key size
>
> Running on "Windows XP Pro SP2"

:-) I'm obviously a bit slow today - I bet you have not installed the Unlimited Strength Jurisdiction Policy Files!
sabre150a at 2007-7-8 22:42:54
# 6

Nope, it does work for me on Debian "etch".

lanzir@debian-test:~$ /usr/local/jdk1.6.0/bin/javac -classpath ./ DesCoder.java
lanzir@debian-test:~$ /usr/local/jdk1.6.0/bin/java -classpath ./ DesCoder
1.6.0-b105
Illegal key size
lanzir@debian-test:~$
lanzir@debian-test:~$ uname -a
Linux debian-test 2.6.17-2-686 #1 SMP Wed Sep 13 16:34:10 UTC 2006 i686 GNU/Linux
lanzir@debian-test:~$
lanzir@debian-test:~$ /usr/local/jdk1.6.0/bin/java -version
java version "1.6.0"
Java(TM) SE Runtime Environment (build 1.6.0-b105)
Java HotSpot(TM) Client VM (build 1.6.0-b105, mixed mode, sharing)
lanzir@debian-test:~$

This seems odd, any thoughts?

Thanks, Rich

lanzir-hhcaa at 2007-7-8 22:42:54
# 7
No I have not installed the Unlimited Strength Jurisdiction Policy Files, is this new to Java 1.6? I sure hope that all desktops do not have to be updated. I'll look for the docs on that subject.

Thanks for help, Rich
lanzir-hhcaa at 2007-7-8 22:42:54
# 8

> No I have not installed the Unlimited Strength
> Jurisdiction Policy Files, is this
> new to Java 1.6?

No, not new! Any use of DESede has always needed them installed.

>
> I sure hope that all desktops do not have to be
> updated.

If you need to use DESede then yes they will have to be updated.

>
> I'll look for the docs on that subject.
>
> Thanks for help, Rich

sabre150a at 2007-7-8 22:42:54
# 9

Not true, grab 1.4.2 xxx or 1.5 xxx from the archives and compile and run the code. It works right from the get-go. I also have it running on freeBSD 6.1 with jdk 1.5 patch set 7. All without adding additional policy files.

Was there a bug all along, that allowed it to work without the additional files since jdk 1.4?

Thanks, Rich

lanzir-hhcaa at 2007-7-8 22:42:54
# 10

Additional info:

%javac -classpath ./ DesCoder.java
%java -classpath ./ DesCoder
All is well
%uname -a
FreeBSD s2.hhcainc.com 6.1-RELEASE-p11 FreeBSD 6.1-RELEASE-p11 #0: Mon Dec 18 13:51:33 EST 2006
%java -version
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build diablo-1.5.0-b00)
Java HotSpot(TM) Client VM (build diablo-1.5.0_07-b00, mixed mode)
%

Rich

lanzir-hhcaa at 2007-7-8 22:42:54
# 11

> Not true, grab 1.4.2 xxx or 1.5 xxx from the archives

Then we have to agree to disagree! I have used DESede since JDK1.2 with JCE1.2.x and have always had to install the Unlimited files.

> and compile and run the
> code. It works right from the get-go. I also have it
> running on freeBSD 6.1 with
> jdk 1.5 patch set 7. All with out adding additional
> policy files.

I have no idea what this means so I can't comment.

>
> Was there a bug all along, that allowed it work
> without the additional files since
> jdk 1.4?

I'm pretty sure no bug.

P.S. Do a search of this forum - it comes up frequently.

Message was edited by: sabre150

sabre150a at 2007-7-8 22:42:54
# 12
Thank you for your time and effort.

Rich
lanzir-hhcaa at 2007-7-8 22:42:54
# 13

I'd like to jump in here and say I've been affected by this issue also, but I think the issue is more sinister than it first appears.

I'm in the process of upgrading our servers from JDK 5 to JDK 6. We have been using PBEWITHMD5ANDTRIPLEDES to encrypt our data, and we have not needed to install the Unlimited Strength Java(TM) Cryptography Extension Policy Files to date - PBEWITHMD5ANDTRIPLEDES seemed to work out of the box.

When upgrading to JDK 6 however, I started seeing this "Illegal key size" exception. Installing the policy files fixes the exception - but my servers running JDK 5 are no longer able to pass encrypted data to servers running JDK 6.

I ran the following test case under JDK 5 and JDK 6 with and without the policy files installed, on both Linux and Windows. It looks to me like JDK 5 does not use the encryption algorithm you specify at all -- and defaults to PBEWITHMD5ANDDES - i.e. 56-bit security. Is this a glaring security flaw in JDK 5, which is actually fixed in JDK 6?

Here's the test code:

import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.Cipher;
import java.security.spec.KeySpec;
import java.security.spec.AlgorithmParameterSpec;
import java.security.Security;
import java.util.Arrays;

public class JDKIssueTestCase {

    public static void main(String[] args) {
        System.out.println("JVM Name: \"" + System.getProperty("java.vm.name") + "\" Version: \"" + System.getProperty("java.vm.version") + "\" Vendor: \"" + System.getProperty("java.vm.vendor") + "\"");
        System.out.println("OS Name: \"" + System.getProperty("os.name") + "\" Version: \"" + System.getProperty("os.version") + "\" Architecture: \"" + System.getProperty("os.arch") + "\"");
        System.out.println("Sun JCE: [" + Security.getProvider("SunJCE") + "] Info: [" + Security.getProvider("SunJCE").getInfo() + "]");

        String[] algorithmsToTest = { "PBEWITHMD5ANDTRIPLEDES", "PBEWITHSHA1ANDDESEDE", "PBEWITHMD5ANDDES", "PBEWITHSHA1ANDRC2_40" };

        for (String algorithm : algorithmsToTest) {
            String algorithmMaxAllowedKeyLength;
            try {
                algorithmMaxAllowedKeyLength = String.valueOf(Cipher.getMaxAllowedKeyLength(algorithm));
            }
            catch (Exception e) {
                algorithmMaxAllowedKeyLength = e.toString();
            }

            String result;
            try {
                // Text to encrypt...
                final String testInputText = "This is a test.";
                final String testPassphrase = "Test passphrase.";
                // Random salt...
                final byte[] salt = {
                    (byte)0xA5, (byte)0x9E, (byte)0xC8, (byte)0x32,
                    (byte)0x43, (byte)0xF5, (byte)0xEA, (byte)0x03
                };
                // Create the encryption key from the passphrase...
                KeySpec keySpec = new PBEKeySpec(testPassphrase.toCharArray(), salt, 19);
                SecretKey key = SecretKeyFactory.getInstance(algorithm).generateSecret(keySpec);
                // Prepare the ciphers from the key...
                Cipher ecipher = Cipher.getInstance(key.getAlgorithm());
                // Prepare the salt parameter to the ciphers...
                AlgorithmParameterSpec paramSpec = new PBEParameterSpec(salt, 19);
                // Initialise the cipher...
                ecipher.init(Cipher.ENCRYPT_MODE, key, paramSpec);
                // Get input as bytes...
                byte[] utf8 = testInputText.getBytes("UTF8");
                // Encrypt the bytes...
                byte[] enc = ecipher.doFinal(utf8);
                result = "Encrypted: " + Arrays.toString(enc);
            }
            catch (Exception e) {
                result = "Failed: [" + e.toString() + "]";
            }

            System.out.println("\nAlgorithm: [" + algorithm + "] Max key length: [" + algorithmMaxAllowedKeyLength + "]\nResult " + result);
        }
    }
}

And here's the output under various environments:

=========================
JDK 1.5 no policy files installed

JVM Name: "Java HotSpot(TM) 64-Bit Server VM" Version: "1.5.0_09-b03" Vendor: "Sun Microsystems Inc."
OS Name: "Linux" Version: "2.6.19-1.2895.fc6" Architecture: "amd64"
Sun JCE: [SunJCE version 1.5] Info: [SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)]

Algorithm: [PBEWITHMD5ANDTRIPLEDES] Max key length: [128]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Algorithm: [PBEWITHSHA1ANDDESEDE] Max key length: [128]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Algorithm: [PBEWITHMD5ANDDES] Max key length: [128]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Algorithm: [PBEWITHSHA1ANDRC2_40] Max key length: [128]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

=========================
JDK 1.5 with policy files installed

JVM Name: "Java HotSpot(TM) 64-Bit Server VM" Version: "1.5.0_09-b03" Vendor: "Sun Microsystems Inc."
OS Name: "Linux" Version: "2.6.19-1.2895.fc6" Architecture: "amd64"
Sun JCE: [SunJCE version 1.5] Info: [SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)]

Algorithm: [PBEWITHMD5ANDTRIPLEDES] Max key length: [2147483647]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Algorithm: [PBEWITHSHA1ANDDESEDE] Max key length: [2147483647]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Algorithm: [PBEWITHMD5ANDDES] Max key length: [2147483647]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Algorithm: [PBEWITHSHA1ANDRC2_40] Max key length: [2147483647]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

=========================
JDK 1.6 no policy files installed

JVM Name: "Java HotSpot(TM) 64-Bit Server VM" Version: "1.6.0-b105" Vendor: "Sun Microsystems Inc."
OS Name: "Linux" Version: "2.6.19-1.2895.fc6" Architecture: "amd64"
Sun JCE: [SunJCE version 1.6] Info: [SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)]

Algorithm: [PBEWITHMD5ANDTRIPLEDES] Max key length: [128]
Result Failed: [java.security.InvalidKeyException: Illegal key size]

Algorithm: [PBEWITHSHA1ANDDESEDE] Max key length: [128]
Result Encrypted: [-70, -45, 57, 35, -29, 5, -113, -118, 102, 14, -119, -81, 125, 8, 56, -8]

Algorithm: [PBEWITHMD5ANDDES] Max key length: [128]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Algorithm: [PBEWITHSHA1ANDRC2_40] Max key length: [128]
Result Encrypted: [50, 66, -63, -84, -123, 13, -113, 77, 67, 80, -66, -70, 90, 23, -53, 13]

=========================
JDK 1.6 with policy files installed

JVM Name: "Java HotSpot(TM) 64-Bit Server VM" Version: "1.6.0-b105" Vendor: "Sun Microsystems Inc."
OS Name: "Linux" Version: "2.6.19-1.2895.fc6" Architecture: "amd64"
Sun JCE: [SunJCE version 1.6] Info: [SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)]

Algorithm: [PBEWITHMD5ANDTRIPLEDES] Max key length: [2147483647]
Result Encrypted: [120, 127, -52, -65, -121, 88, 20, 42, 27, -61, -101, 69, -82, -18, 127, 28]

Algorithm: [PBEWITHSHA1ANDDESEDE] Max key length: [2147483647]
Result Encrypted: [-70, -45, 57, 35, -29, 5, -113, -118, 102, 14, -119, -81, 125, 8, 56, -8]

Algorithm: [PBEWITHMD5ANDDES] Max key length: [2147483647]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Algorithm: [PBEWITHSHA1ANDRC2_40] Max key length: [2147483647]
Result Encrypted: [50, 66, -63, -84, -123, 13, -113, 77, 67, 80, -66, -70, 90, 23, -53, 13]

=========================
Additional test: JDK 1.5 no policy files installed on Windows

JVM Name: "Java HotSpot(TM) Client VM" Version: "1.5.0-b64" Vendor: "Sun Microsystems Inc."
OS Name: "Windows XP" Version: "5.1" Architecture: "x86"
Sun JCE: [SunJCE version 1.5] Info: [SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)]

Algorithm: [PBEWITHMD5ANDTRIPLEDES] Max key length: [128]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Algorithm: [PBEWITHSHA1ANDDESEDE] Max key length: [128]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Algorithm: [PBEWITHMD5ANDDES] Max key length: [128]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Algorithm: [PBEWITHSHA1ANDRC2_40] Max key length: [128]
Result Encrypted: [-56, -33, -40, -75, -41, 48, -39, 83, 122, 88, -70, 27, -69, 55, 85, -18]

Note the output of all 4 algorithms under JDK 5 is the same. It matches the output of the PBEWITHMD5ANDDES algorithm under JDK 6.

If this really is a bug, it is a whopping big bug. It would mean that everyone out there using PBE encryption under JDK 5 is getting only 56-bit DES encryption no matter what algorithms they think they're using.

Please tell me if I'm doing something wrong here, and this is not actually a bug!

Can anybody run this test to verify?

npgalla at 2007-7-8 22:42:54
# 14
If this is true then, as you say, it is a big security issue. I will try your code this evening to try to understand what is going on and let you know.
sabre150a at 2007-7-8 22:42:54
# 15

> If this is true then, as you say, it is a big
> security issue. I will try your code this evening to
> try to understand what is going on and let you know.

There is certainly an issue with PBE DESede using SunJCE but I don't think it is an issue with DESede, just the combination of PBE with DESede. I see the same basic problem with JDK1.4.1, 1.4.2 and 1.5. I shall, over the next few days, look further at the problem but I think you could report a bug right now.

Things I shall check -

1) See whether the same problem exists with the Bouncy Castle provider.

2) Install 1.5 without the Jurisdiction files and check DESede with the SunJCE provider.

3) Make sure I/we are using PBE correctly because my normal approach is slightly different to yours but still yields the same problem.

sabre150a at 2007-7-21 16:43:45
# 16

I just investigated further: there is a bug in Key.getAlgorithm() in JDK 5. No matter what algorithm the key was generated for, this method returns PBEWITHMD5ANDDES.

I think this proves the bug exists, and has serious security implications for users of PBE encryption on JDK5 (and possibly earlier versions).

Here is a test case:

import javax.crypto.spec.PBEKeySpec;
import javax.crypto.SecretKeyFactory;
import javax.crypto.SecretKey;
import java.security.spec.KeySpec;
import java.security.Security;

public class JDKIssueBugIdentifiedTestCase {

    public static void main(String[] args) {
        System.out.println("JVM Name: \"" + System.getProperty("java.vm.name") + "\" Version: \"" + System.getProperty("java.vm.version") + "\" Vendor: \"" + System.getProperty("java.vm.vendor") + "\"");
        System.out.println("OS Name: \"" + System.getProperty("os.name") + "\" Version: \"" + System.getProperty("os.version") + "\" Architecture: \"" + System.getProperty("os.arch") + "\"");
        System.out.println("Sun JCE: [" + Security.getProvider("SunJCE") + "] Info: [" + Security.getProvider("SunJCE").getInfo() + "]");

        String[] algorithmsToTest = { "PBEWITHMD5ANDTRIPLEDES", "PBEWITHSHA1ANDDESEDE", "PBEWITHMD5ANDDES", "PBEWITHSHA1ANDRC2_40" };

        for (String algorithmRequested : algorithmsToTest) {
            try {
                // Random salt...
                final byte[] salt = {
                    (byte)0xA5, (byte)0x9E, (byte)0xC8, (byte)0x32,
                    (byte)0x43, (byte)0xF5, (byte)0xEA, (byte)0x03
                };
                // Create the encryption key from the passphrase...
                KeySpec keySpec = new PBEKeySpec("Test passphrase".toCharArray(), salt, 19);
                SecretKeyFactory factory = SecretKeyFactory.getInstance(algorithmRequested);
                String algorithmReturnedByFactory = factory.getAlgorithm();
                SecretKey key = factory.generateSecret(keySpec);
                String algorithmReturnedByKey = key.getAlgorithm();

                System.out.println();
                System.out.println("algorithmRequested: " + algorithmRequested);
                System.out.println("algorithmReturnedByFactory: " + algorithmReturnedByFactory);
                System.out.println("algorithmReturnedByKey: " + algorithmReturnedByKey);

                if (algorithmRequested.equalsIgnoreCase(algorithmReturnedByKey)) {
                    System.out.println("NO BUG FOUND.");
                }
                else {
                    System.out.println("BUG FOUND: Algorithm returned by key differs from algorithm requested.");
                }
            }
            catch (Exception e) {
                System.out.println("Exception for algorithm [" + algorithmRequested + "]: " + e);
            }
        }
    }
}

And here is the output:

=====================
JDK 1.5...

JVM Name: "Java HotSpot(TM) 64-Bit Server VM" Version: "1.5.0_09-b03" Vendor: "Sun Microsystems Inc."
OS Name: "Linux" Version: "2.6.19-1.2895.fc6" Architecture: "amd64"
Sun JCE: [SunJCE version 1.5] Info: [SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)]

algorithmRequested: PBEWITHMD5ANDTRIPLEDES
algorithmReturnedByFactory: PBEWITHMD5ANDTRIPLEDES
algorithmReturnedByKey: PBEWithMD5AndDES
BUG FOUND: Algorithm returned by key differs from algorithm requested.

algorithmRequested: PBEWITHSHA1ANDDESEDE
algorithmReturnedByFactory: PBEWITHSHA1ANDDESEDE
algorithmReturnedByKey: PBEWithMD5AndDES
BUG FOUND: Algorithm returned by key differs from algorithm requested.

algorithmRequested: PBEWITHMD5ANDDES
algorithmReturnedByFactory: PBEWITHMD5ANDDES
algorithmReturnedByKey: PBEWithMD5AndDES
NO BUG FOUND.

algorithmRequested: PBEWITHSHA1ANDRC2_40
algorithmReturnedByFactory: PBEWITHSHA1ANDRC2_40
algorithmReturnedByKey: PBEWithMD5AndDES
BUG FOUND: Algorithm returned by key differs from algorithm requested.

=====================
JDK 1.6...

JVM Name: "Java HotSpot(TM) 64-Bit Server VM" Version: "1.6.0-b105" Vendor: "Sun Microsystems Inc."
OS Name: "Linux" Version: "2.6.19-1.2895.fc6" Architecture: "amd64"
Sun JCE: [SunJCE version 1.6] Info: [SunJCE Provider (implements RSA, DES, Triple DES, AES, Blowfish, ARCFOUR, RC2, PBE, Diffie-Hellman, HMAC)]

algorithmRequested: PBEWITHMD5ANDTRIPLEDES
algorithmReturnedByFactory: PBEWITHMD5ANDTRIPLEDES
algorithmReturnedByKey: PBEWithMD5AndTripleDES
NO BUG FOUND.

algorithmRequested: PBEWITHSHA1ANDDESEDE
algorithmReturnedByFactory: PBEWITHSHA1ANDDESEDE
algorithmReturnedByKey: PBEWithSHA1AndDESede
NO BUG FOUND.

algorithmRequested: PBEWITHMD5ANDDES
algorithmReturnedByFactory: PBEWITHMD5ANDDES
algorithmReturnedByKey: PBEWithMD5AndDES
NO BUG FOUND.

algorithmRequested: PBEWITHSHA1ANDRC2_40
algorithmReturnedByFactory: PBEWITHSHA1ANDRC2_40
algorithmReturnedByKey: PBEWithSHA1AndRC2_40
NO BUG FOUND.

There don't seem to be any existing bug reports for this. This is a serious bug - it has caused us at this company to encrypt our data with 56-bit security instead of 112-bit security. It will affect anyone using Key.getAlgorithm() in their encryption code.

The bug has been fixed in JDK 6, but there is a workaround for JDK 5: don't use key.getAlgorithm() !

In my previous test case, changing...

Cipher ecipher = Cipher.getInstance(key.getAlgorithm());

to

Cipher ecipher = Cipher.getInstance(algorithm);

...fixes the problem.

Note that with this workaround in place in my original test case, requesting PBEWITHMD5ANDTRIPLEDES with JDK 5 without policy files *NOW* causes the "Illegal key size" exception, because it actually tries to use the TripleDES algorithm.

I'd imagine that you guys who have been 'successfully' using TripleDES on JDK 5 without policy files installed have actually been using DES encryption without knowing it.

npgalla at 2007-7-21 16:43:45
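The workaround in the post above (pass the algorithm name you requested to Cipher.getInstance, never key.getAlgorithm()) and the jurisdiction-policy point from posts #8 and #11 can be combined into one defensive routine. The class below is an added example for this thread, not code posted by any participant and not part of Sun's JCE; the class name, salt, iteration count and passphrase are constructed for the demonstration, and it assumes Java 7 or later (for StandardCharsets) with the SunJCE provider present. It derives the key, refuses to continue if the key object reports an algorithm other than the one requested (the JDK 5 symptom shown above), obtains the Cipher by the explicit name, and uses Cipher.getMaxAllowedKeyLength to tell a missing policy file apart from any other failure.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.InvalidKeyException;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.KeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;

/**
 * PbeAlgorithmGuard (hypothetical name): PBE with an explicitly named
 * algorithm, a fail-closed check that the derived key really belongs to
 * that algorithm, and a preflight for the jurisdiction policy limit.
 */
public class PbeAlgorithmGuard {

    // Constructed sample salt and iteration count. A real deployment draws the
    // salt from SecureRandom and stores it alongside the ciphertext.
    private static final byte[] SALT = {
        (byte) 0xA5, (byte) 0x9E, (byte) 0xC8, (byte) 0x32,
        (byte) 0x43, (byte) 0xF5, (byte) 0xEA, (byte) 0x03
    };
    private static final int ITERATIONS = 19;

    /**
     * Derives the PBE key and refuses to hand it back if the provider reports
     * a different algorithm from the one requested. On JDK 5 this is where the
     * defect from the thread surfaces: the key says PBEWithMD5AndDES whatever
     * was asked for, so an encryptor that trusted it would silently downgrade.
     */
    static SecretKey deriveChecked(String algorithm, char[] passphrase)
            throws GeneralSecurityException {
        KeySpec spec = new PBEKeySpec(passphrase, SALT, ITERATIONS);
        SecretKey key = SecretKeyFactory.getInstance(algorithm).generateSecret(spec);
        if (!algorithm.equalsIgnoreCase(key.getAlgorithm())) {
            throw new GeneralSecurityException("requested " + algorithm
                    + " but the derived key reports " + key.getAlgorithm()
                    + "; refusing to encrypt with a downgraded algorithm");
        }
        return key;
    }

    /** True when no jurisdiction policy limit applies to the algorithm on this JRE. */
    static boolean unlimitedStrength(String algorithm) throws GeneralSecurityException {
        return Cipher.getMaxAllowedKeyLength(algorithm) == Integer.MAX_VALUE;
    }

    /** The Cipher is always obtained by the requested name, never by key.getAlgorithm(). */
    private static Cipher cipherFor(String algorithm, SecretKey key, int mode)
            throws GeneralSecurityException {
        AlgorithmParameterSpec params = new PBEParameterSpec(SALT, ITERATIONS);
        Cipher cipher = Cipher.getInstance(algorithm);
        cipher.init(mode, key, params);
        return cipher;
    }

    static byte[] encrypt(String algorithm, SecretKey key, byte[] plaintext)
            throws GeneralSecurityException {
        return cipherFor(algorithm, key, Cipher.ENCRYPT_MODE).doFinal(plaintext);
    }

    static byte[] decrypt(String algorithm, SecretKey key, byte[] ciphertext)
            throws GeneralSecurityException {
        return cipherFor(algorithm, key, Cipher.DECRYPT_MODE).doFinal(ciphertext);
    }

    public static void main(String[] args) throws Exception {
        String algorithm = "PBEWithMD5AndTripleDES";
        char[] passphrase = "Test passphrase.".toCharArray();          // constructed sample
        byte[] message = "This is a test.".getBytes(StandardCharsets.UTF_8);

        System.out.println("Unlimited strength for " + algorithm + ": "
                + unlimitedStrength(algorithm));
        try {
            SecretKey key = deriveChecked(algorithm, passphrase);
            byte[] ct = encrypt(algorithm, key, message);
            byte[] pt = decrypt(algorithm, key, ct);
            System.out.println("Ciphertext bytes: " + ct.length
                    + ", round trip ok: " + Arrays.equals(message, pt));
        } catch (InvalidKeyException e) {
            // "Illegal key size" here means the jurisdiction policy is capping
            // the 168-bit DESede key, not that the passphrase or salt is wrong.
            System.out.println("Cipher init failed (" + e.getMessage()
                    + "); check the jurisdiction policy files on this JRE");
        } finally {
            Arrays.fill(passphrase, '\0');   // do not leave the passphrase in memory
        }
    }
}
```

Run on a JDK with the bug, deriveChecked throws instead of producing DES ciphertext under a Triple DES label, which is the behaviour the two test cases above were written to expose; on a JRE without the unlimited policy the InvalidKeyException branch names the actual cause. The algorithm string is kept in one place and passed to both the SecretKeyFactory and the Cipher so the two can never disagree.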
# 17
Sabre I agree with you there. Is it possible to submit a bug for JDK 5 now that JDK 6 has shipped? I'll try to submit a bug report over the next few days -- gotta take a break from this for now! Enjoy the weekend.
npgalla at 2007-7-21 16:43:45
# 18

Well spotted!

It seems that key.getAlgorithm() always returns PBEWithMD5AndDES even if you specify PBEWithSHA1AndDESede. It is interesting that I have never fallen for this because I never use key.getAlgorithm(); I always explicitly define the algorithm.

I have used DESede for several projects but I have never used PBE with DESede in earnest. I have been very lucky.

sabre150a at 2007-7-21 16:43:45
# 19
I have just found a matching bug for this: http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6332761

It has been fixed in "Mustang" - JDK 6.
npgalla at 2007-7-21 16:43:45