[Cryptography] Oracle discovers the 1990s in crypto
Henry Baker
hbaker1 at pipeline.com
Sun Jan 22 09:32:35 EST 2017
At 06:20 PM 1/21/2017, Peter Gutmann wrote:
>In case anyone missed it, Oracle will soon deprecate MD5 and use of keys under 1024 bits, and allow keys larger than 1024 bits to be used:
>
>https://www.bleepingcomputer.com/news/security/oracle-to-block-jar-files-signed-with-md5-starting-with-april-2017/
>
>https://www.java.com/en/jre-jdk-cryptoroadmap.html
>
>In other news, I expect them to announce porting Oracle to that newfangled Windows XP thing, and the upcoming release of a Windows 98 client for it.
It's always good to have a pre-arranged excuse for being hacked, but one that isn't tooo obvious.
It's also a d**n shame that Oracle has allowed Java to become such a security joke. After all, Java was the first language to attempt to get serious about controlling module loading and stack manipulation. Some of my CS friends are rightfully pleased with themselves for being so prescient, but horrified about what a joke Java became.
More information about the cryptography
mailing list