diff --git a/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java b/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java
index 5e5376c652a..d614412b13b 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PBES1Core.java
@@ -47,7 +47,8 @@ final class PBES1Core {
 private final MessageDigest md;
 private final String algo;
 private byte[] salt = null;
- private int iCount = 10;
+ // RFC 8018 and NIST SP 800-132 sec 5.2 recommend 1000 as the minimum
+ private int iCount = PKCS12PBECipherCore.DEFAULT_COUNT;
 
 // utility method for checking weak salts of PBEWithMD5AndTripleDES cipher
 private static boolean isWeak(byte[] s) {
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java b/src/java.base/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
index 7d2ba7f9831..517d7777287 100644
--- a/src/java.base/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/PKCS12PBECipherCore.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2025, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -53,7 +53,7 @@ final class PKCS12PBECipherCore {
 private int iCount = 0;
 
 private static final int DEFAULT_SALT_LENGTH = 20;
- private static final int DEFAULT_COUNT = 1024;
+ static final int DEFAULT_COUNT = 1024;
 
 static final int CIPHER_KEY = 1;
 static final int CIPHER_IV = 2;
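Review bot: The comment added above `iCount` in PBES1Core quotes the 1000-iteration minimum but does not say that the value actually used is 1024, which is only visible in PKCS12PBECipherCore.java, so a reader of this class cannot tell how close the default sits to the floor. Both cited documents give 1000 as a lower bound, and SP 800-132 additionally asks for the count to be as large as acceptable performance allows, so the comment should present 1024 as a floor-level default and not as a target: `// Default is 1024, just above the 1000 minimum of RFC 8018 and NIST SP 800-132 sec 5.2; callers should pass a larger count`. Presumably this field is only the fallback when no iteration count arrives through the cipher parameters, which would be worth stating as well, but the code that would confirm it lies outside the hunk.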
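Review bot: `DEFAULT_COUNT` loses `private` in the second PKCS12PBECipherCore hunk so that PBES1Core can read it, which means one constant now sets the default iteration count for two cipher families and nothing at the declaration says so. A later change to the PKCS12 default would silently change the PBES1 default as well. A comment at the declaration would make the coupling visible, e.g. `// Default iteration count; also read by PBES1Core, so a change here affects both PBES1 and PKCS12 PBE ciphers`.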