This past week, two Mark Reinhold messages (here and here) on the OpenJDK jdk-dev mailing list proposed two new JEPs for inclusion with JDK 11: JEP 329 ["ChaCha20 and Poly1305 Cryptographic Algorithms"] and JEP 330 ["Launch Single-File Source-Code Programs"]. I am excited about JEP 330, but that enthusiasm already led me to blog on it when it was a mere "draft" JEP (not even assigned the number 330 at that point). The remainder of this post will therefore focus on JEP 329.
The intent of JEP 329 is succinctly described in the JEP's "Summary" section: "Implement the ChaCha20 and ChaCha20-Poly1305 ciphers as specified in RFC 7539." That same "Summary" section also states, "ChaCha20 is a relatively new stream cipher that can replace the older, insecure RC4 stream cipher."
The RC4 (Rivest Cipher 4) stream cipher has already been disabled in major web browsers (early 2016) due to security risks:
- Disabled in Chrome 48 (and Chromium).
- Deprecated with Firefox 36 and removed altogether with Firefox 44.
- Disabled in Microsoft Edge and Internet Explorer 11 [KB3151631] for the stated reason that "there is consensus across the industry that the RC4 cipher is no longer cryptographically secure".
- Turned off for Opera 12.
The "Motivation" section of JEP 329 currently states:
"The only other widely adopted stream cipher, RC4, has long been deemed insecure. The industry consensus is that ChaCha20-Poly1305 is secure at this point in time, and it has seen fairly wide adoption across TLS implementations as well as in other cryptographic protocols. The JDK needs to be on par with other cryptographic toolkits and TLS implementations."
It is worth noting this important caveat mentioned in JEP 329's "Non-Goals" section: "TLS cipher suite support will not be part of this JEP. TLS support for these ciphers will be part of a follow-on enhancement." For additional details, see JDK-8140466 : ChaCha20 and Poly1305 Cipher Suites.
The "Dependencies" section of JEP 329 states that its only dependency is on the "constant-time math APIs" embodied in JEP 324 (see my previous post for additional overview details).
JDK-8198925 : ChaCha20 and ChaCha20-Poly1305 Cipher Implementations provides additional and even lower-level details than JEP 329. For example, it provides the specification of the new class javax.crypto.spec.ChaCha20ParameterSpec and its methods.
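The following is an added example, not code from JEP 329 or JDK-8198925, showing how the two ciphers are used through the standard `Cipher` API on JDK 11 or later: authenticated encryption with "ChaCha20-Poly1305", rejection of a modified ciphertext, and plain "ChaCha20" initialized with `ChaCha20ParameterSpec`. The class name `ChaCha20Demo`, the helper names and the sample strings are constructed for illustration.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.ChaCha20ParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class ChaCha20Demo {                       // hypothetical class name
    // AEAD mode takes its 96-bit nonce as an IvParameterSpec; a fresh Cipher is used per call.
    static byte[] aead(int mode, SecretKey key, byte[] nonce, byte[] aad, byte[] in) throws Exception {
        Cipher c = Cipher.getInstance("ChaCha20-Poly1305");
        c.init(mode, key, new IvParameterSpec(nonce));
        c.updateAAD(aad);                         // authenticated but not encrypted
        return c.doFinal(in);
    }

    static byte[] freshNonce() {
        byte[] n = new byte[12];                  // RFC 7539: 12-byte nonce, unique per key
        new SecureRandom().nextBytes(n);
        return n;
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("ChaCha20").generateKey(); // 256-bit key
        byte[] msg = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
        byte[] aad = "constructed-header".getBytes(StandardCharsets.UTF_8);
        byte[] nonce = freshNonce();

        byte[] sealed = aead(Cipher.ENCRYPT_MODE, key, nonce, aad, msg); // ciphertext + 16-byte tag
        byte[] opened = aead(Cipher.DECRYPT_MODE, key, nonce, aad, sealed);
        System.out.println("round trip ok: " + Arrays.equals(msg, opened));

        sealed[0] ^= 0x01;                        // flip one ciphertext bit
        try {
            aead(Cipher.DECRYPT_MODE, key, nonce, aad, sealed);
            System.out.println("tampering NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("tampering detected, plaintext withheld");
        }

        // Unauthenticated ChaCha20 uses the new spec class: nonce plus initial block counter.
        ChaCha20ParameterSpec spec = new ChaCha20ParameterSpec(freshNonce(), 1);
        Cipher stream = Cipher.getInstance("ChaCha20");
        stream.init(Cipher.ENCRYPT_MODE, key, spec);
        byte[] ct = stream.doFinal(msg);
        System.out.println("stream: " + ct.length + " bytes, counter=" + spec.getCounter());
    }
}
```

The stream-cipher call uses its own nonce because reusing a key and nonce pair across the two modes would repeat keystream; plain "ChaCha20" also provides no integrity check, so the AEAD form is the one to prefer for protecting data.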
As of this writing, there are currently 8 JEPs targeted for JDK 11 and the 2 additional JEPs highlighted in this post's title are now proposed to target JDK 11, bringing the total number of JEPs targeted or likely to be targeted to JDK 11 to ten.
2 comments:
JEP 329 was targeted for JDK 11 on May 24 and JEP 330's review period has been extended to May 31 due to the "vigorous discussion" regarding this JEP that mostly centers on the ability to specify a Unix-style shebang comment and providing "more distinct separation between Java source files (which end with a .java extension), and executable scripts (which do not use any such extension.)." The latter is also described as a "distinction ... between 'Java source file', and a separate notion of 'script that contains Java code' or 'platform-specific executable script'."
It was announced today that JEP 330 is now targeted for JDK 11.