A nonce is an arbitrary number used only once in a cryptographic communication, in the spirit of a nonce word. They are often random or pseudo-random numbers. Many nonces also include a timestamp to ensure exact timeliness, though this requires clock synchronization between organizations. The addition of a client nonce ("cnonce") helps to improve the security in some ways as implemented in digest access authentication. To ensure that a nonce is used only once, it should be time-variant (including a suitably fine-grained timestamp in its value), or generated with enough random bits to ensure a probabilistically insignificant chance of repeating a previously generated value. Some authors define pseudo-randomness (or unpredictability) as a requirement for a nonce.
So the nonce used for encryption should not be static; just as we described in #6, we need to change it.
In order to generate a nonce, we must find a correct IV (Initialization Vector) and try to derive the nonce from the IV with a time-variant component or something else. This needs to be consistent, since we use it to decrypt the data items stored in our MongoDB.
To-do list:
- [ ] Change config `encryption.nonce` to `encryption.iv`
- [ ] Develop some time-variant methodology to generate the nonce
- [ ] Develop some algorithm to derive the nonce from the IV or key or something else, and store it somewhere secure. The nonce must not be static and must change dynamically.