[
https://issues.apache.org/jira/browse/WICKET-7016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17686070#comment-17686070
]
ASF subversion and git services commented on WICKET-7016:
---------------------------------------------------------
Commit 210525f0ecd30794532b5ebebfbe677daf244517 in wicket's branch
refs/heads/remove-queuing from Emond Papegaaij
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=210525f0ec ]
WICKET-7016: Add support for AES-GCM-SIV as cipher for page store encryption
> Support GCM-SIV for page store encryption
> -----------------------------------------
>
> Key: WICKET-7016
> URL: https://issues.apache.org/jira/browse/WICKET-7016
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
> Affects Versions: 9.12.0
> Reporter: Emond Papegaaij
> Assignee: Emond Papegaaij
> Priority: Minor
> Fix For: 10.0.0, 9.13.0
>
>
> The current ICrypter implementation uses AES-256 with CBC. Although this is
> still secure, GCM is now considered a better alternative. The big plus for
> GCM is the fact that it is an authenticated form of encryption: the encrypted
> data is verified with the key using a MAC. This makes the encrypted data
> tamper-proof. The downside of GCM is that it fails catastrophically if the
> nonce is reused for a certain key. This makes it dangerous to use random
> nonces. GCM-SIV fixes this at the expense of a higher cost. Bouncy Castle has
> a good GCM-SIV implementation (the JDK does not).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
