You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Emond Papegaaij (Jira)" <ji...@apache.org> on 2022/11/18 10:50:00 UTC
[jira] [Assigned] (WICKET-7016) Support GCM-SIV for page store encryption
[ https://issues.apache.org/jira/browse/WICKET-7016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emond Papegaaij reassigned WICKET-7016:
---------------------------------------
Assignee: Emond Papegaaij
> Support GCM-SIV for page store encryption
> -----------------------------------------
>
> Key: WICKET-7016
> URL: https://issues.apache.org/jira/browse/WICKET-7016
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
> Affects Versions: 9.12.0
> Reporter: Emond Papegaaij
> Assignee: Emond Papegaaij
> Priority: Minor
>
> The current ICrypter implementation uses AES-256 with CBC. Although this is still secure, GCM is now considered a better alternative. The big plus for GCM is the fact that it is an authenticated form of encryption: the encrypted data is verified with the key using a MAC. This makes the encrypted data tamper-proof. The downside of GCM is that it fails catastrophically if the nonce is reused for a certain key. This makes it dangerous to use random nonces. GCM-SIV fixes this at the expense of a slightly higher cost. Bouncy Castle has a good GCM-SIV implementation (the JDK does not).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)