You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@wicket.apache.org by "ASF subversion and git services (Jira)" <ji...@apache.org> on 2022/11/18 11:01:00 UTC

[jira] [Commented] (WICKET-7016) Support GCM-SIV for page store encryption

    [ https://issues.apache.org/jira/browse/WICKET-7016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17635814#comment-17635814 ] 

ASF subversion and git services commented on WICKET-7016:
---------------------------------------------------------

Commit 7cb9c91f8f9fbdbabab900514b4306889fae8aaa in wicket's branch refs/heads/wicket-9.x from Emond Papegaaij
[ https://gitbox.apache.org/repos/asf?p=wicket.git;h=7cb9c91f8f ]

WICKET-7016: Add support for AES-GCM-SIV as cipher for page store encryption


> Support GCM-SIV for page store encryption
> -----------------------------------------
>
>                 Key: WICKET-7016
>                 URL: https://issues.apache.org/jira/browse/WICKET-7016
>             Project: Wicket
>          Issue Type: Improvement
>          Components: wicket-core
>    Affects Versions: 9.12.0
>            Reporter: Emond Papegaaij
>            Assignee: Emond Papegaaij
>            Priority: Minor
>
> The current ICrypter implementation uses AES-256 with CBC. Although this is still secure, GCM is now considered a better alternative. The big plus for GCM is the fact that it is an authenticated form of encryption: the encrypted data is verified with the key using a MAC. This makes the encrypted data tamper-proof. The downside of GCM is that it fails catastrophically if the nonce is reused for a certain key. This makes it dangerous to use random nonces. GCM-SIV fixes this at the expense of a slightly higher cost. Bouncy Castle has a good GCM-SIV implementation (the JDK does not).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)