Re: Re: Re: Re: Re: why not vim7.4 have blowfish2

On Thursday, February 5, 2015 at 9:10:36 PM UTC-6, might1 wrote:
>
> In my humble opinion, the next thing to do is to enhance vim's encryption. It
> could implement more encrypt methods like CAST5, TWOFISH, AES256 etc.

Why?

Vim's blowfish2 encryption method is already a strong encryption method. Adding
more methods serves little purpose, and the implementation of each method could
easily come with its own flaws. The original Vim blowfish method was weak not
because of the algorithm but because of a flaw in the implementation, if I
recall correctly. There are probably a very small number of cryptography experts
contributing to the Vim source code.

> One studpid feature is that vim prepends a 'magic string' --- 'VimCrypt~..' on
> the encrypted file, which is COMPLETELY no use except for telling crackers
> that it is encrypted with vim and its encrypt method. Vim encrypted file
> should get rid of any thing that would reveal it is vim encrypted and its
> encrypt method.

This suggestion serves even less purpose than the current implementation. A
strong encryption system like Blowfish remains strong even with knowledge of the
system used for encryption. You are suggesting that Vim add a layer of "security
through obscurity" which has proven time and time again to be grossly
insufficient in the computer age. And at what cost? Without this magic text, Vim
does not know immediately that the file is encrypted.

Plenty of file formats tell the user exactly what was used to encrypt, for
example encryption in zip files.

> Then, how to read it back? Vim will never know if it is vim
> encrypted and the encrypt method. It is easy. First, vim will read in an
> encrypted file and display a mess with binary mode. Sceond, the user inputs
> command like ':Z blowfish' or ':Z cast5' in vim, which tells vim to decrypt
> the mess with blowfish or cast5. If that file is not vim encrypted but an real
> executable or user has inputted a wrong key, vim still uses that key to
> decrypt and another mess would display. This will greatly improve the
> robustness of vim encrypted file. By enhancing its encryption in this way, vim
> could greatly spread over the world and other editors become truly nothing.
> Vim becomes a weapon with deity.
>

I doubt very much anyone would decide to use or not use Vim based solely on its
encryption capabilities.

--
--
You received this message from the "vim_use" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php

---
You received this message because you are subscribed to the Google Groups "vim_use" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vim_use+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.