Default encryption scheme is suboptimal

[pavelhoral]

The default encryption scheme (end accompanied key derivation) in JCEEncryption is PBEWithMD5AndDES which is not optimal. Any leaked encrypted password can be reversed with a reasonable effort.

The following should be done:

• update the default to a more modern (safer) scheme (e.g. PBEWithHmacSHA256AndAES_256)
  • This MUST be done in a safe non-breaking way (i.e. upgrading existing deployment must not break).
• create Security Hardening chapter in documentation that will describe how to specify safer encryption and key derivation scheme
  • This should be done even if we are missing other documentation.
• come up with a way how the existing encryption scheme can be migrated to a newer one on existing deployments
  • We want to offer upgrade / migration path.