Actually, the master key is encrypted with the size limit of 128bits due to the restriction of old java versions.
This restriction was lifted in Java 9 and 11, and after JDK8u162.
To improve security of all secrets in Jenkins, I purpose to increase the limit of this key.
Because all companies has different security policies, it might be nice to let the administrator of Jenkins choose wich algorithm he want to use to encrypt Jenkins secrets. Actually it is hard coded.
Would anyone have any opinion on that?
This improvement can be applied to the credentials-plugin too.
Update : relation with JENKINS-61373