buttercup / buttercup-core

:tophat: The mighty NodeJS password vault
http://buttercup.pw/
MIT License
469 stars 57 forks source link

Encryption #301

Closed xowu closed 3 years ago

xowu commented 3 years ago

Why was the encryption downgraded from AES GCM to CBC?

perry-mitchell commented 3 years ago

It was not downgraded, nor changed. It's always been CBC, but we added GCM some time ago with the intention to change it. GCM doesn't offer any great benefit over CBC unless we implement the counter logic for it, which doesn't suit the static nature of our encrypted vaults. CBC is plenty strong for vault storage.