[ https://issues.apache.org/jira/browse/WICKET-7016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emond Papegaaij resolved WICKET-7016. ------------------------------------- Fix Version/s: 10.0.0 9.13.0 Resolution: Fixed > Support GCM-SIV for page store encryption > ----------------------------------------- > > Key: WICKET-7016 > URL: https://issues.apache.org/jira/browse/WICKET-7016 > Project: Wicket > Issue Type: Improvement > Components: wicket-core > Affects Versions: 9.12.0 > Reporter: Emond Papegaaij > Assignee: Emond Papegaaij > Priority: Minor > Fix For: 10.0.0, 9.13.0 > > > The current ICrypter implementation uses AES-256 with CBC. Although this is > still secure, GCM is now considered a better alternative. The big plus for > GCM is the fact that it is an authenticated form of encryption: the encrypted > data is verified with the key using a MAC. This makes the encrypted data > tamper-proof. The downside of GCM is that it fails catastrophically if the > nonce is reused for a certain key. This makes it dangerous to use random > nonces. GCM-SIV fixes this at the expense of a slightly higher cost. Bouncy > Castle has a good GCM-SIV implementation (the JDK does not). -- This message was sent by Atlassian Jira (v8.20.10#820010)