Dear Vimmers:
Because of the interesting vim encryption capability, I tried both vim 7.4.608 downloaded from http://sourceforge.net/projects/cream/files/Vim/ and vim 7.4 downloaded from www.vim.org. I tried both of vim 7.4.608's blowfish2 and vim 7.4's blowfish, all failed to encrypt a large text file(24MB). The platform is Windows XP 32bit. At first time, I got an error of many lines 'E831: bf_key_init()...empty password' but I really had entered password twice. Then I quitted and re-opened that big file, the encryption appeared successful without error out. But the encrypted file both growed to over 100MB. After decryption, its size remained over 100MB, which was nearly entirely different from the original except that several head lines are same. When I tried a small text file(about 1MB), the encryption and decryption are both ok. So, if there is a file size limit for vim to encrypt with blowfish[2]? I attached(is that possible?) that compressed big file whose size is now about 4MB for you to test.
It seems that it is far for vim to be encryption safe.
Mr. Fritz wrote:
> I doubt very much anyone would decide to use or not use Vim based solely on its encryption capabilities.
Vim has been a very very greatly excellent editor. If strong encryption mehtods were integrated into it, vim will certainly spread more as people often need to encrypt what they write like diary, project plans. The good encryption in vim could eliminate the needs of users having to seek another encryption tool like GPG and trust it, install it and learn it.
> Vim's blowfish2 encryption method is already a strong encryption method. Adding more methods serves little purpose.
At least one more strong encryption method should be implemented in vim. How about encrypting with one strong method an encrypted file that has already been encryted with another strong one, in which case user must prepare two differrent passwords for those two methods respectively? In this way, we can avoid attackers analysing the text after decryption to see if it looks like words.
> And at what cost? Without this magic text, Vim does not know immediately that the file is encrypted.
And Mr. Moolenaar the Vim author wrote:
> If you would really want this, I think we would need a special option for that. The user would then have to enter both the password and the crypt method.
Vim should add an option, say, 'set magicstring' and 'set nomagicstring' to toggle if prepend the magic string to encrypted file. The default is 'set magicstring'. User could input, say, ':Z blowfish' in vim and be prompted for password to decrypt. Also, user could just input ':Z' to decrypt with default method, which can be set in vimrc. In a nut shell, it should be up to user how to encrypt and decrypt.
Best wishes,
Tora (Tiger in Japanese)
Because of the interesting vim encryption capability, I tried both vim 7.4.608 downloaded from http://sourceforge.net/projects/cream/files/Vim/ and vim 7.4 downloaded from www.vim.org. I tried both of vim 7.4.608's blowfish2 and vim 7.4's blowfish, all failed to encrypt a large text file(24MB). The platform is Windows XP 32bit. At first time, I got an error of many lines 'E831: bf_key_init()...empty password' but I really had entered password twice. Then I quitted and re-opened that big file, the encryption appeared successful without error out. But the encrypted file both growed to over 100MB. After decryption, its size remained over 100MB, which was nearly entirely different from the original except that several head lines are same. When I tried a small text file(about 1MB), the encryption and decryption are both ok. So, if there is a file size limit for vim to encrypt with blowfish[2]? I attached(is that possible?) that compressed big file whose size is now about 4MB for you to test.
It seems that it is far for vim to be encryption safe.
Mr. Fritz wrote:
> I doubt very much anyone would decide to use or not use Vim based solely on its encryption capabilities.
Vim has been a very very greatly excellent editor. If strong encryption mehtods were integrated into it, vim will certainly spread more as people often need to encrypt what they write like diary, project plans. The good encryption in vim could eliminate the needs of users having to seek another encryption tool like GPG and trust it, install it and learn it.
> Vim's blowfish2 encryption method is already a strong encryption method. Adding more methods serves little purpose.
At least one more strong encryption method should be implemented in vim. How about encrypting with one strong method an encrypted file that has already been encryted with another strong one, in which case user must prepare two differrent passwords for those two methods respectively? In this way, we can avoid attackers analysing the text after decryption to see if it looks like words.
> And at what cost? Without this magic text, Vim does not know immediately that the file is encrypted.
And Mr. Moolenaar the Vim author wrote:
> If you would really want this, I think we would need a special option for that. The user would then have to enter both the password and the crypt method.
Vim should add an option, say, 'set magicstring' and 'set nomagicstring' to toggle if prepend the magic string to encrypted file. The default is 'set magicstring'. User could input, say, ':Z blowfish' in vim and be prompted for password to decrypt. Also, user could just input ':Z' to decrypt with default method, which can be set in vimrc. In a nut shell, it should be up to user how to encrypt and decrypt.
Best wishes,
Tora (Tiger in Japanese)
--
--
You received this message from the "vim_use" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
---
You received this message because you are subscribed to the Google Groups "vim_use" group.
To unsubscribe from this group and stop receiving emails from it, send an email to vim_use+unsubscribe@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
No comments:
Post a Comment