68263RE: Encryption: Vim should use authenticated encryption mode
- Feb 15, 2013From: Ulrik
> Sent: February-14-13 1:00 PMI suspect the real problem is a weakness in Vim's blowfish
> The blowfish encryption mode is vulnerable (not to revelation of the
> plaintext), but the encryption is not checked for integrity or
But yes, I can reproduce this with gvim73_46.exe on
Win7 64-bit Enterprise.
> authenticity. This means that someone might corrupt the encrypted fileThis isn't supposed to happen. A strong encryption algorithm will
> (hexedit or similar), and vim will decrypt it without notice of error or
render completely different crypt text for even a single bit change in
the plaintext, and, a single bit change in the crypt text is supposed
to decrypt to corrupt plaintext.
> This attack allows someone to modfiy encrypted files so that the ownerAgreed that someone can modify a VimCrypt file and have the
> doesn't notice. With sufficient tries or skill it might be possible to
> change a file's values in a predictable way at a certain offset.
modification propagate into the plain text. However, for this to be a
useful attack I think that the plaintext already needs to be known
which is unlikely, and if it is known, given the plaintext and the
crypttext, it won't take to long to find the key, and then you can
make all the changes you want.
I'm more concerned that this indicates there is a bug in Vim's
blowfish implementation and that will allow keys to be recovered more
easily. *That's* a big problem.
> The solution is an authenticated encryption mode. The common way to doPerhaps, but only if this effect turns out to be endemic in blowfish
and not a result of the implementation. I feel strongly that we need
to examine the implementation first.
> key. This code will detect the previous attack case, and additionally itWhen the wrong password is entered the file decrypts to garbage, as it
> allows vim to detect that the wrong password was entered. Security
should. There's no need to through an error there. If the file is
corrupted (as per your test or disk failure or cosmic ray) then it is
supposed to decrypt to garbage.
I don't see a need for an authentication scheme, but then, I'm not a
security programmer by profession so I'm a novice and could be
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
You received this message because you are subscribed to the Google Groups "vim_dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vim_dev+unsubscribe@....
For more options, visit https://groups.google.com/groups/opt_out.
- << Previous post in topic Next post in topic >>