You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@wicket.apache.org by "Emond Papegaaij (Jira)" <ji...@apache.org> on 2022/11/18 11:07:00 UTC
[jira] [Resolved] (WICKET-7016) Support GCM-SIV for page store encryption
[ https://issues.apache.org/jira/browse/WICKET-7016?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Emond Papegaaij resolved WICKET-7016.
-------------------------------------
Fix Version/s: 10.0.0
9.13.0
Resolution: Fixed
> Support GCM-SIV for page store encryption
> -----------------------------------------
>
> Key: WICKET-7016
> URL: https://issues.apache.org/jira/browse/WICKET-7016
> Project: Wicket
> Issue Type: Improvement
> Components: wicket-core
> Affects Versions: 9.12.0
> Reporter: Emond Papegaaij
> Assignee: Emond Papegaaij
> Priority: Minor
> Fix For: 10.0.0, 9.13.0
>
>
> The current ICrypter implementation uses AES-256 with CBC. Although this is still secure, GCM is now considered a better alternative. The big plus for GCM is the fact that it is an authenticated form of encryption: the encrypted data is verified with the key using a MAC. This makes the encrypted data tamper-proof. The downside of GCM is that it fails catastrophically if the nonce is reused for a certain key. This makes it dangerous to use random nonces. GCM-SIV fixes this at the expense of a slightly higher cost. Bouncy Castle has a good GCM-SIV implementation (the JDK does not).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)