News

Oracle Delays Plan to Block JAR Files Signed with MD5 until April

• By John K. Waters
• January 25, 2017

When Oracle Corp. publishes its next quarterly patch update in April, the company will begin treating JAR files signed with the MD5 hashing algorithm as unsigned, the company announced. As of April 18, all versions of the Java Runtime Environment (JRE) will consider those files unsigned and insecure, and they will not be able to run by default, the company said.

The MD5 hash function produces a 128-bit hash value and was once widely used by developers to authenticate or "sign" their JAR files. But in the early 2000s, attackers found they could forge MD5 signatures by providing two different inputs and obtain the same output hash.

Oracle removed MD5 as a default code-signing option with the Java SE 6 release, and many consider its deprecation long overdue. In fact, the company had planned to make this change with the January Critical Patch Update (CPU), announced last week. But in response to demand from its customers and the Java community for more time to prepare for the change, Oracle rescheduled.

In an updated blog post originally published in October 2016, Erik Costlow, product manager in Oracle's Java Platform Group, wrote, "This change in the JRE behavior is required because MD5 is no longer considered secure and is widely considered unsuitable for security use."

"It is critical that weak hashing algorithms (such as MD5) be deprecated when they are known to be weak so as to maintain the trust in the verification mechanism they provide," Costlow continued.

This change affecting MD5-signed JARS will be enabled by default with the release of Oracle Java SE 8u131 (due with the next CPU in April), and the releases of Oracle Java SE 7, Oracle Java SE 6, and Oracle JRockit R28.

"In order to prepare for this upcoming change, developers need to verify that their JAR files have not been signed using MD5," Costlow wrote. "You can do this with your own JARs by verifying your build process signs JARs using Java 6 or later without having deliberately chosen MD5. If you are using JARS you did not sign or build yourself, you need to contact your vendor for more information. If it can no longer be established if a JAR you are using has been signed with MD5, the recommended practice is to re-sign affected JAR files using a more modern algorithm...."

Oracle also pointed to its new, developer-oriented cryptographic Web site, where it publishes its plans for changes to the security algorithms and associated policies/settings in JRE and Java SE Development Kit.