PING: RFR: JDK-4347142: Need method to set Password protection to Zip entries

mark.reinhold at mark.reinhold at
Tue Apr 19 22:57:02 UTC 2016

2016/4/8 9:52:56 -0700, anthony.vanelverdinghe at
> I don't mind if decryption support is added for the "Traditional 
> Encryption". However, I believe it would be wrong to introduce 
> encryption support for a known-to-be-broken encryption method in the 
> JDK. Using the argument of "it's good enough for our case", I could also 
> argue that Base64 qualifies as an encryption method, or that SSLv2 is an 
> appropriate choice to secure network connections.

I have to agree.  I don't think it makes sense to add a known-vulnerable
encryption algorithm to the JDK.  It might work perfectly well for one
use case but it will eventually be used by someone who doesn't take the
time to understand it, assumes that it provides strong encryption when
it doesn't, gets burned, and then blames Java.

- Mark

More information about the core-libs-dev mailing list