perry-mitchell
commented
3 years ago It was not downgraded, nor changed. It's always been CBC, but we added GCM some time ago with the intention to change it. GCM doesn't offer any great benefit over CBC unless we implement the counter logic for it, which doesn't suit the static nature of our encrypted vaults. CBC is plenty strong for vault storage.
Why was the encryption downgraded from AES GCM to CBC?