Posted to dev@poi.apache.org by Andreas Beeker <an...@gmx.de> on 2014/04/21 22:21:56 UTC

RC4 class obsolete?

Hi,

I'm currently playing around with xor encryption and as a preparation,
I've had a look at the current RC4 implementation (Biff8DecryptingStream & Co.).

I've replaced the proprietary RC4-cipher with the JCE-default implementation,
but I'm not sure if there's a reason (apart from never-change-a-running-system) to keep it -
especially as the POI-RC4 is tested against the JCE-impl. in the junit tests.

The bug entry #47652 doesn't mention anything about it ...

Before I commit my changes, maybe someone can shed some light on it?

Thanks,
Andi.


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org


Re: RC4 class obsolete?

Posted by Andreas Beeker <an...@gmx.de>.
On 22.04.2014 21:10, Nick Burch wrote:
>
> Any chance you could check what Java version we required at the time we added the RC4 support, and compare that to which Java version introduced RC4 support via JCE?
>
>

The JCE was introduced with JDK 1.4 (starting from 2002).
The check-in was 2009 as part of the 3.5 release.
I haven't found any explicit comments in the changes file as to when which minimum version of the JDK was supported.
I thought I could reason about the JDK version based on xml-beans support, but this is also not so clear.

So in the end, I guess it's ok to replace it.
Pro: use of standard library
Con: maybe a performance hit, but if performance were an issue, it would make more sense anyway to replace the byte-wise calls with block-wise invocations

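The comparison discussed in this thread, as an added example (not code from POI or from either poster): a hand-written RC4 checked against the JCE "RC4" cipher, with the JCE cipher driven both byte-wise and block-wise. The class and method names are hypothetical, and the key and data are constructed sample values.

```java
import javax.crypto.Cipher;
import javax.crypto.spec.SecretKeySpec;
import java.util.Arrays;

// Hypothetical class name; key and data below are constructed sample values.
public class Rc4JceCheck {
    // Hand-written reference RC4 (key schedule + keystream XOR), for comparison only.
    static byte[] referenceRc4(byte[] key, byte[] data) {
        int[] s = new int[256];
        for (int i = 0; i < 256; i++) s[i] = i;
        for (int i = 0, j = 0; i < 256; i++) {
            j = (j + s[i] + (key[i % key.length] & 0xFF)) & 0xFF;
            int t = s[i]; s[i] = s[j]; s[j] = t;
        }
        byte[] out = new byte[data.length];
        for (int n = 0, i = 0, j = 0; n < data.length; n++) {
            i = (i + 1) & 0xFF;
            j = (j + s[i]) & 0xFF;
            int t = s[i]; s[i] = s[j]; s[j] = t;
            out[n] = (byte) (data[n] ^ s[(s[i] + s[j]) & 0xFF]);
        }
        return out;
    }

    // JCE cipher; SunJCE accepts RC4 keys of 5 to 128 bytes.
    static Cipher jceRc4(byte[] key) throws Exception {
        Cipher c = Cipher.getInstance("RC4");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "RC4"));
        return c;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[16];    // constructed 128-bit key
        for (int i = 0; i < key.length; i++) key[i] = (byte) (i * 7 + 1);
        byte[] data = new byte[1024]; // constructed payload
        for (int i = 0; i < data.length; i++) data[i] = (byte) i;

        byte[] blockWise = jceRc4(key).update(data); // one call for the whole buffer

        Cipher c = jceRc4(key);                      // one call per byte
        byte[] byteWise = new byte[data.length];
        for (int n = 0; n < data.length; n++) c.update(data, n, 1, byteWise, n);

        boolean same = Arrays.equals(blockWise, referenceRc4(key, data))
                && Arrays.equals(blockWise, byteWise);
        if (!same) throw new AssertionError("RC4 outputs differ");
        System.out.println("reference, block-wise and byte-wise JCE outputs match");
    }
}
```

Because RC4 is a stream cipher, the byte-wise and block-wise calls produce the same output; only the per-call overhead differs.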


Re: RC4 class obsolete?

Posted by Nick Burch <ap...@gagravarr.org>.
On Mon, 21 Apr 2014, Andreas Beeker wrote:
> I've replaced the proprietary RC4-cipher with the JCE-default
> implementation, but I'm not sure if there's a reason (apart from
> never-change-a-running-system) to keep it - especially as the POI-RC4 is
> tested against the JCE-impl. in the junit tests.

Maybe we had to have it there in the past, when our minimum JDK version
was too old to include it?

Any chance you could check what Java version we required at the time we
added the RC4 support, and compare that to which Java version introduced
RC4 support via JCE?

Nick
