Databases
StackOverflow2013
Postsdbo
PO
 

Note that there are some explanatory texts on larger screens.

plurals
  1. PO
    primarykey
    data
    text
    <h2>PBEWith&lt;Hash>AndTripleDES Requires "Unlimited Strength" Policy</h2> <p>This algorithm uses a 168-bit key (although due to vulnerabilities, it has an effective strength of 112 bits). To use a symmetric key of that length, you need the <a href="http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html" rel="nofollow noreferrer">"unlimited strength jurisdiction policy"</a> installed in your Java runtime.</p> <p>An "<em>Illegal</em> key size" message indicates the key length is not permitted by policy; if the key length is incorrect for the algorithm, the SunJCE provider uses the message, "<em>Wrong</em> key size".</p> <h2>Don't Use PBEWith&lt;Hash>AndTripleDES</h2> <p>Note that "PBEWithMD5AndTripleDES" is a bad algorithm to use.</p> <p>Password-based encryption generally follows <a href="http://tools.ietf.org/html/rfc2898" rel="nofollow noreferrer">PKCS #5.</a> It defines an encryption scheme for DES (or RC2) called PBES1. Because PBES1 was designed to generate 64-bit (or less) keys, Oracle has created a proprietary extension to generate longer keys. It hasn't been exposed to the same scrutiny that PKCS #5 has, and if you need to inter-operate with any other platform, you'll have to <a href="http://www.docjar.com/html/api/com/sun/crypto/provider/PBECipherCore.java.html#261" rel="nofollow noreferrer">dig into the source code</a> to find out how the key and initialization vector are derived.</p> <p>It's also strange that the initialization vector is derived from the password. The purpose of an IV is to create different cipher texts each time a given plain text is encrypted with the same key. If the IV is generated from the key, this purpose is defeated. The key-derivation algorithm used by PBES1 avoids this by incorporating a "salt" that is supposed to be different each time the password is used. But, it could be easy to screw this up; providing an IV directly to the cipher initialization is more conventional, and makes it more obvious what is happening.</p> <h2>Use PBKDF2 Instead</h2> <p>PKCS #5 also defines an key-derivation algorithm called PBKDF2 that is now supported by Java. It provides superior security to PBES1 because the initialization vector and any other parameters required by the cipher are <em>not</em> derived from the password, but are selected independently.</p> <p>Here's <a href="https://stackoverflow.com/a/992413/3474">an example with PBKDF2,</a> using AES. If you can't follow the recommendation to update to AES, the example can be applied to DESede by using a key length of 192, and changing occurrences "AES" to "DESede".</p> <h2>TDEA Keying Options</h2> <p>There are three keying options that can be used with TDEA ("Triple DES" or "DESede"). They take 64-, 128-, or 192-bit keys (including parity bits), depending on the option. </p> <p>The key sizes accepted by the TDEA implementation depend on the provider; a few require you to form a 192-bit key, even if you are using the 56-bit key option which is effectively DES instead of TDEA. Most implementations will take 16 or 24 bytes as a key.</p> <p>Only the three-key option (168 bits, or 192 bits with parity) can be considered "strong encryption". It has 112 bits of effective strength.</p>
    singulars
    1. This table or related slice is empty.
    1. POWhat is the key size for PBEWithMD5AndTripleDES?
      singulars
      1. PTQuestion
    1. PTAnswer
    1. USCommunity
    1. USerickson
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. POWhat is the key size for PBEWithMD5AndTripleDES?
      singulars
      1. PTQuestion
    1. This table or related slice is empty.
    1. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTAcceptedByOriginator
    3. VO
      singulars
      1. PO
      1. This table or related slice is empty.
      1. VTUpMod
    1. CODoes this mean I need to explicitly set keyLength of 128? That sounds like the obvious thing to try, but I couldn't find any confirmation or examples online, and with cryptography I'm loathe to just "try it and see if it works."
      singulars
      1. PO
      1. USskiphoppy
    2. COThere are several ways to do PBE in Java. Are you passing a `KeySpec` to a `SecretKeyFactory`, then using the resulting `SecretKey` with a "DESede" `Cipher` object, or are you trying to use a "PBEWithMD5AndTripleDES" `Cipher` in one step? Also, what security provider are you using? While [this example](http://stackoverflow.com/a/992413/3474) is for AES-256, the same approach is what I recommend for TDEA, because you can use PBKDF2, which is a better key derivation algorithm.
      singulars
      1. PO
      1. USerickson
    3. COI'm trying to use PBEWithMD5AndTripleDES in one step. I'll add sample code. I am using no security provider other than what is present in the JDK. At this point I'd like to make minimal changes to what we've already got in operation, but not so minimal that it is not secure or does not work.
      singulars
      1. PO
      1. USskiphoppy
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload