Java Cryptography Extension (JCE) Limited Strength Jurisdiction Policies
Because of US export regulations, default JVMs have http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#importlimits available to them. For example, AES operations are limited to 128 bit keys by default. While AES-128 is cryptographically safe, this can have unintended consequences, specifically on Password-based Encryption (PBE).
PBE is the process of deriving a cryptographic key for encryption or decryption from user-provided secret material, usually a password. Rather than a human remembering a (random-appearing) 32 or 64 character hexadecimal string, a password or passphrase is used.
A number of PBE algorithms provided by NiFi impose strict limits on the length of the password due to the underlying key length checks. Below is a table listing the maximum password length on a JVM with limited cryptographic strength.
| Algorithm | Max Password Length | 
|---|---|
| 
                         | 16 | 
| 
                         | 16 | 
| 
                         | 16 | 
| 
                         | 16 | 
| 
                         | 16 | 
| 
                         | 16 | 
| 
                         | 16 | 
| 
                         | 7 | 
| 
                         | 7 | 
| 
                         | 7 | 
| 
                         | 7 | 
| 
                         | 7 | 
| 
                         | 7 | 
| 
                         | 7 | 
| 
                         | 7 | 
| 
                         | 7 | 
| 
                         | 7 | 
| 
                         | 7 | 
| 
                         | 7 | 
| 
                         | 7 | 

