Recommend GCM over CTR #98

Open
@QuinnWilton

It was pointed out to me that Cloak supports both GCM mode and CTR mode. Since GCM mode is the more secure choice of the two (CTR is unauthenticated, and thus susceptible to malleability attacks), I wonder if it's worth including a recommendation to use GCM mode in both this project, and cloak_ecto?

I understand that you're probably not in a position to remove CTR support, for backwards compatibility reasons, but how do you feel about logging deprecation warnings if you detect CTR being configured? Since Cloak makes it easy to re-encrypt data with a new cipher, I think you'd be able to provide a nice migration path toward people securing their data more effectively.

Either way, thanks for the great library :)
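The difference between the two modes raised in this issue, as an added example that is not part of the original post and is not Cloak's code: the same single-bit change is applied to an AES-CTR ciphertext and to an AES-GCM ciphertext, and only GCM rejects the result. It calls Erlang's `:crypto` directly rather than Cloak's cipher modules; the `ModeComparison` module, the key, the IVs and the sample record are all constructed for illustration.

```elixir
# Added illustration. Key, IVs and the record below are constructed sample data.
defmodule ModeComparison do
  # XOR `mask` into `data` starting at byte `offset` (simulates a modified
  # ciphertext, e.g. a corrupted or tampered database column).
  def xor_at(data, offset, mask) do
    len = byte_size(mask)
    <<head::binary-size(offset), target::binary-size(len), rest::binary>> = data
    head <> :crypto.exor(target, mask) <> rest
  end

  # AES-256-CTR: encrypt, modify the ciphertext, decrypt.
  # CTR carries no authentication tag, so decryption cannot fail; it returns
  # whatever plaintext the modified ciphertext maps to.
  def ctr_after_change(key, plaintext, offset, mask) do
    iv = :crypto.strong_rand_bytes(16)
    ciphertext = :crypto.crypto_one_time(:aes_256_ctr, key, iv, plaintext, true)
    changed = xor_at(ciphertext, offset, mask)
    :crypto.crypto_one_time(:aes_256_ctr, key, iv, changed, false)
  end

  # AES-256-GCM: encrypt, modify the ciphertext, decrypt with the original tag.
  # The tag covers the ciphertext, so decryption returns :error instead of
  # plaintext when anything has been altered.
  def gcm_after_change(key, plaintext, offset, mask) do
    iv = :crypto.strong_rand_bytes(12)
    aad = ""

    {ciphertext, tag} =
      :crypto.crypto_one_time_aead(:aes_256_gcm, key, iv, plaintext, aad, true)

    changed = xor_at(ciphertext, offset, mask)
    :crypto.crypto_one_time_aead(:aes_256_gcm, key, iv, changed, aad, tag, false)
  end
end

key = :crypto.strong_rand_bytes(32)
record = "plan=basic;seats=05"
# Flip the lowest bit of the final byte of the record.
offset = byte_size(record) - 1
mask = <<1>>

ctr_result = ModeComparison.ctr_after_change(key, record, offset, mask)
gcm_result = ModeComparison.gcm_after_change(key, record, offset, mask)

IO.inspect(record, label: "original record")
IO.inspect(ctr_result, label: "CTR decrypts changed ciphertext to")
IO.inspect(ctr_result == record, label: "CTR plaintext unchanged?")
IO.inspect(gcm_result, label: "GCM decrypt of changed ciphertext")
```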
