Loading ...
Sorry, an error occurred while loading the content.

68263RE: Encryption: Vim should use authenticated encryption mode

Expand Messages
  • MacDonald, Stuart
    Feb 15 7:34 AM
    • 0 Attachment
      From: Ulrik
      > Sent: February-14-13 1:00 PM
      > The blowfish encryption mode is vulnerable (not to revelation of the
      > plaintext), but the encryption is not checked for integrity or

      I suspect the real problem is a weakness in Vim's blowfish
      implementation.

      But yes, I can reproduce this with gvim73_46.exe on
      Win7 64-bit Enterprise.

      > authenticity. This means that someone might corrupt the encrypted file
      > (hexedit or similar), and vim will decrypt it without notice of error or
      > warning.

      This isn't supposed to happen. A strong encryption algorithm will
      render completely different crypt text for even a single bit change in
      the plaintext, and, a single bit change in the crypt text is supposed
      to decrypt to corrupt plaintext.

      > This attack allows someone to modfiy encrypted files so that the owner
      > doesn't notice. With sufficient tries or skill it might be possible to
      > change a file's values in a predictable way at a certain offset.

      Agreed that someone can modify a VimCrypt file and have the
      modification propagate into the plain text. However, for this to be a
      useful attack I think that the plaintext already needs to be known
      which is unlikely, and if it is known, given the plaintext and the
      crypttext, it won't take to long to find the key, and then you can
      make all the changes you want.

      I'm more concerned that this indicates there is a bug in Vim's
      blowfish implementation and that will allow keys to be recovered more
      easily. *That's* a big problem.

      > The solution is an authenticated encryption mode. The common way to do

      Perhaps, but only if this effect turns out to be endemic in blowfish
      and not a result of the implementation. I feel strongly that we need
      to examine the implementation first.

      > key. This code will detect the previous attack case, and additionally it
      > allows vim to detect that the wrong password was entered. Security

      When the wrong password is entered the file decrypts to garbage, as it
      should. There's no need to through an error there. If the file is
      corrupted (as per your test or disk failure or cosmic ray) then it is
      supposed to decrypt to garbage.

      I don't see a need for an authentication scheme, but then, I'm not a
      security programmer by profession so I'm a novice and could be
      incorrect.

      ...Stu

      --
      --
      You received this message from the "vim_dev" maillist.
      Do not top-post! Type your reply below the text you are replying to.
      For more information, visit http://www.vim.org/maillist.php

      ---
      You received this message because you are subscribed to the Google Groups "vim_dev" group.
      To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
      For more options, visit https://groups.google.com/groups/opt_out.
    • Show all 22 messages in this topic