[ 
https://issues.apache.org/jira/browse/WICKET-7016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Emond Papegaaij updated WICKET-7016:
------------------------------------
    Description: The current ICrypter implementation uses AES-256 with CBC. 
Although this is still secure, GCM is now considered a better alternative. The 
big plus for GCM is the fact that it is an authenticated form of encryption: 
the encrypted data is verified with the key using a MAC. This makes the 
encrypted data tamper-proof. The downside of GCM is that it fails 
catastrophically if the nonce is reused for a certain key. This makes it 
dangerous to use random nonces. GCM-SIV fixes this at the expense of a higher 
cost. Bouncy Castle has a good GCM-SIV implementation (the JDK does not).  
(was: The current ICrypter implementation uses AES-256 with CBC. Although this 
is still secure, GCM is now considered a better alternative. The big plus for 
GCM is the fact that it is an authenticated form of encryption: the encrypted 
data is verified with the key using a MAC. This makes the encrypted data 
tamper-proof. The downside of GCM is that it fails catastrophically if the 
nonce is reused for a certain key. This makes it dangerous to use random 
nonces. GCM-SIV fixes this at the expense of a slightly higher cost. Bouncy 
Castle has a good GCM-SIV implementation (the JDK does not).)

> Support GCM-SIV for page store encryption
> -----------------------------------------
>
>                 Key: WICKET-7016
>                 URL: https://issues.apache.org/jira/browse/WICKET-7016
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket-core
>    Affects Versions: 9.12.0
>            Reporter: Emond Papegaaij
>            Assignee: Emond Papegaaij
>            Priority: Minor
>             Fix For: 10.0.0, 9.13.0
>
>
> The current ICrypter implementation uses AES-256 with CBC. Although this is 
> still secure, GCM is now considered a better alternative. The big plus for 
> GCM is the fact that it is an authenticated form of encryption: the encrypted 
> data is verified with the key using a MAC. This makes the encrypted data 
> tamper-proof. The downside of GCM is that it fails catastrophically if the 
> nonce is reused for a certain key. This makes it dangerous to use random 
> nonces. GCM-SIV fixes this at the expense of a higher cost. Bouncy Castle has 
> a good GCM-SIV implementation (the JDK does not).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
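
The two GCM properties named in the description (a tampered ciphertext is rejected; a nonce reused under one key repeats the keystream), shown as an added example that is not Wicket's ICrypter code or part of the original message. It uses only the JDK's AES/GCM/NoPadding; the class name and the sample plaintexts are constructed for illustration. GCM-SIV itself is not shown because, as the description notes, the JDK does not provide it.

```java
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;

public class GcmNonceDemo {
    static byte[] gcm(int mode, SecretKey key, byte[] nonce, byte[] in) throws Exception {
        // A fresh Cipher per call: the JDK rejects key+IV reuse only within one Cipher instance,
        // so nothing stops two instances (or two JVMs) from encrypting under the same nonce.
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, key, new GCMParameterSpec(128, nonce)); // 128-bit authentication tag
        return c.doFinal(in);
    }

    static byte[] xor(byte[] a, byte[] b, int n) {
        byte[] out = new byte[n];
        for (int i = 0; i < n; i++) out[i] = (byte) (a[i] ^ b[i]);
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey key = kg.generateKey();
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);

        // Constructed sample plaintexts standing in for two serialized pages.
        byte[] p1 = "pageId=1;role=user;x".getBytes(StandardCharsets.US_ASCII);
        byte[] p2 = "pageId=2;role=admin;".getBytes(StandardCharsets.US_ASCII);
        byte[] c1 = gcm(Cipher.ENCRYPT_MODE, key, nonce, p1);
        byte[] c2 = gcm(Cipher.ENCRYPT_MODE, key, nonce, p2); // same key, same nonce

        // Authenticated encryption: flipping one ciphertext bit makes decryption fail.
        byte[] tampered = c1.clone();
        tampered[0] ^= 0x01;
        try {
            gcm(Cipher.DECRYPT_MODE, key, nonce, tampered);
            System.out.println("tampered ciphertext accepted");
        } catch (AEADBadTagException e) {
            System.out.println("tampered ciphertext rejected: " + e.getMessage());
        }

        // Nonce reuse: both messages were XORed with the same keystream, so the XOR of
        // the ciphertexts equals the XOR of the plaintexts and confidentiality is lost.
        int n = Math.min(p1.length, p2.length);
        System.out.println("c1^c2 == p1^p2: " + Arrays.equals(xor(c1, c2, n), xor(p1, p2, n)));
    }
}
```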
