Community
Participate
Working Groups
The Eclipse Secure Storage Advanced preference page defaults to 56-bit DES algorithm. This is too weak for encryption. A stronger algorithm should be the default to avoid sensitive user data being exposed. From the documentation: https://help.eclipse.org/2021-03/index.jsp?topic=%2Forg.eclipse.platform.doc.user%2Freference%2Fref-securestorage-start.htm&cp%3D0_4_3 > By default, the 56-bit DES algorithm is requested from the Java virtual machine.
What is the suggested new default?
(In reply to Thomas Watson from comment #1) > What is the suggested new default? According to Wikipedia: "56-bit DES encryption is now obsolete, having been replaced as a standard in 2002 by the 128-bit (and stronger) Advanced Encryption Standard." Please ask a security advisor for a sane default.
PBEwithHmacSHA512and256BitAES is the suggested new default from our security team