Hi, I did some additional work here https://github.com/apache/wicket/pull/462. I think now users have the means to adopt more robust and modern cryptographic algorithms for their applications so in my opinion we could merge the PR before starting a new release cycle.
What do you think? -- Andrea Del Bene. Apache Wicket committer.
