[
https://issues.apache.org/jira/browse/WICKET-7016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Emond Papegaaij reassigned WICKET-7016:
---------------------------------------
Assignee: Emond Papegaaij
> Support GCM-SIV for page store encryption
> -----------------------------------------
>
> Key: WICKET-7016
> URL: https://issues.apache.org/jira/browse/WICKET-7016
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
> Affects Versions: 9.12.0
> Reporter: Emond Papegaaij
> Assignee: Emond Papegaaij
> Priority: Minor
>
> The current ICrypter implementation uses AES-256 with CBC. Although this is
> still secure, GCM is now considered a better alternative. The big plus for
> GCM is the fact that it is an authenticated form of encryption: the encrypted
> data is verified with the key using a MAC. This makes the encrypted data
> tamper-proof. The downside of GCM is that it fails catastrophically if the
> nonce is reused for a certain key. This makes it dangerous to use random
> nonces. GCM-SIV fixes this at the expense of a slightly higher cost. Bouncy
> Castle has a good GCM-SIV implementation (the JDK does not).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
