[ https://issues.apache.org/jira/browse/WICKET-7016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emond Papegaaij reassigned WICKET-7016: --------------------------------------- Assignee: Emond Papegaaij > Support GCM-SIV for page store encryption > ----------------------------------------- > > Key: WICKET-7016 > URL: https://issues.apache.org/jira/browse/WICKET-7016 > Project: Wicket > Issue Type: Improvement > Components: wicket-core > Affects Versions: 9.12.0 > Reporter: Emond Papegaaij > Assignee: Emond Papegaaij > Priority: Minor > > The current ICrypter implementation uses AES-256 with CBC. Although this is > still secure, GCM is now considered a better alternative. The big plus for > GCM is the fact that it is an authenticated form of encryption: the encrypted > data is verified with the key using a MAC. This makes the encrypted data > tamper-proof. The downside of GCM is that it fails catastrophically if the > nonce is reused for a certain key. This makes it dangerous to use random > nonces. GCM-SIV fixes this at the expense of a slightly higher cost. Bouncy > Castle has a good GCM-SIV implementation (the JDK does not). -- This message was sent by Atlassian Jira (v8.20.10#820010)