Return-Path: 
 <dev-return-145932-apmail-commons-dev-archive=commons.apache.org@commons.apache.org>
X-Original-To: apmail-commons-dev-archive@www.apache.org
Delivered-To: apmail-commons-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 36FD210BE0
	for <apmail-commons-dev-archive@www.apache.org>;
 Wed, 23 Oct 2013 12:43:17 +0000 (UTC)
Received: (qmail 24800 invoked by uid 500); 23 Oct 2013 12:43:07 -0000
Delivered-To: apmail-commons-dev-archive@commons.apache.org
Received: (qmail 24662 invoked by uid 500); 23 Oct 2013 12:43:05 -0000
Mailing-List: contact dev-help@commons.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@commons.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@commons.apache.org>
List-Post: <mailto:dev@commons.apache.org>
List-Id: <dev.commons.apache.org>
Reply-To: "Commons Developers List" <dev@commons.apache.org>
Delivered-To: mailing list dev@commons.apache.org
Received: (qmail 24652 invoked by uid 99); 23 Oct 2013 12:43:03 -0000
Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Oct 2013 12:43:03 +0000
X-ASF-Spam-Status: No, hits=1.5 required=5.0
	tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS
X-Spam-Check-By: apache.org
Received-SPF: pass (nike.apache.org: domain of bgiles@coyotesong.com
 designates 209.85.223.170 as permitted sender)
Received: from [209.85.223.170] (HELO mail-ie0-f170.google.com)
 (209.85.223.170)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 23 Oct 2013 12:42:57 +0000
Received: by mail-ie0-f170.google.com with SMTP id at1so1199553iec.29
        for <dev@commons.apache.org>; Wed, 23 Oct 2013 05:42:35 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=coyotesong.com; s=google;
        h=mime-version:in-reply-to:references:from:date:message-id:subject:to
         :content-type;
        bh=ECUAaNnDYKlNNBC5Xt17rgY4vtEK4Qr28A5/phvXfWU=;
        b=bjqfE3Cx2KjjDNmKLglr1LEKbAb8QDPKha2zDairhylP7iE/+jizuer0gAobobrlp3
         T3MamY9218dCMoPTZkALrrfQX7qdYN23rTkvrgtAE5XBS34FJmMiaMHXYBnaaV3L1FkA
         QsUkXnVY0x+oRw5EMbM1WVPhtW7XEQPHq9qv0=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20130820;
        h=x-gm-message-state:mime-version:in-reply-to:references:from:date
         :message-id:subject:to:content-type;
        bh=ECUAaNnDYKlNNBC5Xt17rgY4vtEK4Qr28A5/phvXfWU=;
        b=NS0DwNdmnafu+rBM1GDrF5IqOJaf/stxRKORY20TR9sXQ/iyG21Cq5g/JSBkBWGwlI
         LTjGgoPK3wf/3wbw795rS0tCt/HiWqE72gn2KE3v6nMAGrqHNklLDaMiKDKTzoUGHST/
         hpAmABHccUof6mKemNFwN/toR2NX6BBmn52XPHQGk9el8zTLXTbjG5mBPkRrj9xxEKEg
         NrR351zwcOvZwWu6OAcvov2hMg6NaimToLUFq0d2FKLPN45bzWuR4U9RekyRMdWrqKmr
         V7Rc3FfmDMR7mIH5yBUon3kmI0gu3PJlT1HFtq2N8M94/1PstYGyTeOp8VwONRJjwM4z
         +cUw==
X-Gm-Message-State: 
 ALoCoQnYgxMNMoq1hXf7kHtixm9etiWNePxZHVgP2/uEQwZJcXaBQUuxMDHLacUBc8JWnSus45fX
X-Received: by 10.42.126.18 with SMTP id c18mr272000ics.46.1382532155513; Wed,
 23 Oct 2013 05:42:35 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.64.8.46 with HTTP; Wed, 23 Oct 2013 05:42:15 -0700 (PDT)
In-Reply-To: <87eh7cmeoz.fsf@v35516.1blu.de>
References: <87r4bcd1qj.fsf@v35516.1blu.de> <526782F2.4060905@apache.org>
 <87iowomjpa.fsf_-_@v35516.1blu.de> <l485hk$h69$1@ger.gmane.org>
 <87eh7cmeoz.fsf@v35516.1blu.de>
From: Bear Giles <bgiles@coyotesong.com>
Date: Wed, 23 Oct 2013 06:42:15 -0600
Message-ID: 
 <CALBNtw6S78RG2VNpd4v1V5XLO92L9Wr06aqHQ_jc6nJybCghvQ@mail.gmail.com>
Subject: Re: [compress] Strong Crypto in Tests
To: Commons Developers List <dev@commons.apache.org>
Content-Type: multipart/alternative; boundary=20cf3010e4df05303704e967da92
X-Virus-Checked: Checked by ClamAV on apache.org

--20cf3010e4df05303704e967da92
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Should that be PKCS7Padding? Or would that be worse - I don't recall if
it's one of the "must have" paddings in the spec.

http://crypto.stackexchange.com/questions/9043/what-is-the-difference-betwe=
en-pkcs5-padding-and-pkcs7-padding

In practice it's unlikely that a software-based crypto provider will be so
pedantic that it throws an exception if you try to use PKCS5 with a 256-bit
cipher but I'm not sure if that's true if it's a hardware-based crypto
provider. Anyone who springs for hardware will probably want something that
strictly complies with the spec and PKCS5 is only defined for 64-bit
ciphers.

Bear


On Wed, Oct 23, 2013 at 5:03 AM, Stefan Bodewig <bodewig@apache.org> wrote:

> On 2013-10-23, J=F6rg Schaible wrote:
>
> >  boolean supportedKeyLength(int keyLen) throws NoSuchAlgorithmException
> >  {
> >    if (Cipher.getMaxAllowedKeyLength("AES/ECB/PKCS5Padding") < keyLen) =
{
> >      System.err.println("WARNING: " + getName()
> >        + " not executed, environment does not support " + keyLen
> >        + "-bit keys for AES");
> >      return false;
> >    }
> >    return true;
>
> Looks a lot nicer than my "catch Exception" approach, thanks.
>
> Stefan
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: dev-unsubscribe@commons.apache.org
> For additional commands, e-mail: dev-help@commons.apache.org
>
>

--20cf3010e4df05303704e967da92--