papegaaij commented on pull request #462: URL: https://github.com/apache/wicket/pull/462#issuecomment-776147295
`UnlimitedStrenghtJurisdictionPolicyCrypt` is much better wrt the algorithms used, however, the unpredictability of keys, salt and initialization vectors (iv) is even more important. It makes no sense to encrypt something with a key that can be guessed with just a couple of tries, no matter what algorithm you use. Unfortunately I'm very limited in time at the moment. We've got a very tight schedule at the moment. But IMHO, we should make sure not only the algorithms are up to date, but the input for the keys, salt and iv is secure random as well.
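
The point about unpredictable salt and IV, sketched with the plain JCA as an added example (not part of the comment above and not Wicket's code). The class name, the output layout, the PBKDF2 and AES-GCM parameters and the sample values are assumptions chosen for illustration; 256-bit AES keys assume a JDK with unlimited-strength policy enabled.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Random;
import javax.crypto.Cipher;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.SecretKeySpec;

public class RandomInputsDemo { // hypothetical class, for illustration only
    private static final SecureRandom SECURE = new SecureRandom();

    // Weak: java.util.Random is fully determined by its seed, so anyone who
    // guesses the seed (for example a timestamp) regenerates the same bytes.
    static byte[] predictableBytes(long seed, int n) {
        byte[] out = new byte[n];
        new Random(seed).nextBytes(out);
        return out;
    }

    // Strong: bytes drawn from the platform CSPRNG.
    static byte[] randomBytes(int n) {
        byte[] out = new byte[n];
        SECURE.nextBytes(out);
        return out;
    }

    // Fresh salt and IV per call. Layout (constructed): salt(16) || iv(12) || ciphertext+tag
    static byte[] encrypt(char[] password, byte[] plaintext) throws Exception {
        byte[] salt = randomBytes(16);
        byte[] iv = randomBytes(12);
        SecretKeyFactory kdf = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        byte[] key = kdf.generateSecret(new PBEKeySpec(password, salt, 100_000, 256)).getEncoded();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        byte[] ct = c.doFinal(plaintext);
        return ByteBuffer.allocate(28 + ct.length).put(salt).put(iv).put(ct).array();
    }

    public static void main(String[] args) throws Exception {
        long seed = 1612900000000L; // constructed, timestamp-like seed
        System.out.println("Random(seed) output repeats: "
            + Arrays.equals(predictableBytes(seed, 16), predictableBytes(seed, 16)));
        char[] pw = "constructed-password".toCharArray(); // constructed sample value
        byte[] msg = "constructed sample".getBytes(StandardCharsets.UTF_8);
        System.out.println("Same input, different ciphertext: "
            + !Arrays.equals(encrypt(pw, msg), encrypt(pw, msg)));
    }
}
```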