
68348 Re: Encryption: Vim should use authenticated encryption mode

  • Ben Fritz
    Feb 18, 2013
      On Saturday, February 16, 2013 7:25:54 PM UTC-6, Ulrik wrote:
      > On 2013-02-16 18:16, Bram Moolenaar wrote:
      >
      > > The whole point of the encryption is to make the text unreadable. It is
      > > not a signature of any kind. Signing files, encrypted or not, is a
      > > totally different thing and there are plenty of tools for that.
      >
      > The type of the attack is that if you XOR a value with the ciphertext,
      > the same XOR difference shows in the decrypted text. Knowing a small
      > part of the plaintext is not a big requirement on an attack as simple as
      > this one.

      I still don't think preventing this kind of attack is within the scope of Vim's encryption.

      > I understand that Vim only wants to provide confidentiality, not
      > integrity, but taken together with the usability issue of not giving
      > notice of a wrong password, I don't understand the choice. I don't enjoy
      > the possibility given that I might absent-mindedly type :w when getting
      > the garbage output after a mistyped password, destroying my data.

      But I think THIS is an excellent argument for your proposed feature. If we can easily protect the user from accidentally corrupting their important file, then it is a very good idea. There is already checksum code within Vim for the undo file...I think it uses some sort of SHA algorithm. I don't think this should be too hard to implement.

      I think :w! should force a write even though the checksum is wrong just in case somebody is doing something kooky intentionally, but :w with a mismatched checksum should give an error.

      As somebody mentioned, the encryption already stores a version flag in the file, so this should be a backwards compatible change.

      Should a file which was read without the checksum, also be written without one? I normally wouldn't think so, but perhaps it would be best to prevent that older Vims can't read the file after editing it in a newer Vim.

      A recent patch also added a vimscript function to get the checksum, I wonder if that could be used to do this as a plugin. I think it would be better built-in however.

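Added example, not part of the original message and not Vim's code: a sketch of the checksum idea discussed above, showing a mistyped password and an XOR difference in the ciphertext both being flagged before a write. The toy keystream, the file layout with its version byte, and the names `encrypt`, `decrypt` and `may_write` are assumptions made for illustration.

```python
import hashlib

def keystream(password: bytes, n: int) -> bytes:
    # Assumption: toy SHA-256 counter keystream, a stand-in with the same
    # XOR structure; this is not Vim's cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hashlib.sha256(password + ctr.to_bytes(8, "big")).digest()
        ctr += 1
    return out[:n]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(password: bytes, text: bytes, checksum: bool = True) -> bytes:
    # Hypothetical layout: 1 version byte, then the XOR-encrypted body.
    # Version 2 prepends SHA-256(text) to the body; version 1 has no checksum.
    body = (hashlib.sha256(text).digest() if checksum else b"") + text
    return (b"\x02" if checksum else b"\x01") + xor(body, keystream(password, len(body)))

def decrypt(password: bytes, blob: bytes):
    """Return (text, checksum_ok); checksum_ok is None for version-1 files."""
    body = xor(blob[1:], keystream(password, len(blob) - 1))
    if blob[:1] == b"\x01":
        return body, None
    return body[32:], hashlib.sha256(body[32:]).digest() == body[:32]

def may_write(checksum_ok, force: bool = False) -> bool:
    # Proposed rule: plain :w fails on a mismatch, :w! (force) still writes.
    return force or checksum_ok is not False

def demo() -> dict:
    text = b"balance: 100 EUR"                      # constructed sample
    blob = encrypt(b"correct horse", text)
    _, ok_good = decrypt(b"correct horse", blob)
    _, ok_typo = decrypt(b"correct hrose", blob)    # mistyped password
    old = encrypt(b"correct horse", text, checksum=False)
    _, ok_old = decrypt(b"correct hrose", old)      # old format: no signal
    # XOR difference on the ciphertext byte holding "1" (offset 1 + 32 + 9)
    delta = bytes(42) + xor(b"1", b"9") + bytes(len(text) - 10)
    changed, ok_changed = decrypt(b"correct horse", xor(blob, delta))
    return {"good": ok_good, "typo": ok_typo, "old": ok_old,
            "changed_text": changed, "changed_ok": ok_changed}

if __name__ == "__main__":
    print(demo())
```

An unkeyed checksum stored this way catches a mistyped password and blind changes, but it is not a MAC; a keyed integrity check, as in the authenticated encryption named in the thread subject, is what covers deliberate modification.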