GeneratePBKDFKey algorithms

I am in the process of revisiting all of my crypto / security routines which caused me to come upon the function GeneratePBKDFKey(). Currently only the algorithm PBKDF2WithHmacSHA1 is supported. I reviewed the code on github and the documentation. These two items are not in-sync. There are a number of other algorithms listed in the documentation.

  • PBKDF2WithSHA1
  • PBKDF2WithSHA224
  • PBKDF2WithSHA256
  • PBKDF2WithSHA384
  • PBKDF2WithSHA512

According to this ticket LDEV-256 the reason was the security provider did not support more algorithms.

My question is this still the case? Doesn’t Bouncy Castle handle most of these functions and offer other options like Argon2?

According to the Adobe ColdFusion docs for GeneratePBKDFKey CF11 supports a number of algorithms on standard and enterprise versions.

Can you file a new bug in jira and link it back to the old task, add the label acf-compat too?

Looks like bouncycastle needs updating too, current version is 1.52.0 from 2016, latest is 1.64.0, released October 7th 2019.

Tickets created: