On Wed, Jun 2, 2010 at 12:44 PM, Richard Hartmann <[email protected]> wrote:
> On Mon, May 31, 2010 at 20:06, Mosh <[email protected]> wrote:
>
>> http://en.wikipedia.org/wiki/Key_strengthening
>
>> The salt is a random number concatenated to the password to create a
>> one time key.
>
> Everything else being equal, it makes (slightly) more sense to prefix
> the salt, not to suffix it.
> Obviously, this is more important with ciphers than with hashes, but
> the basic point remains.
>
>> This prevents someone from precomputing keys (dictionary),
>> because the salt is different in each file.
>
> Ideally, the salt would change every time the file is saved.

This is already the case: both the salt [8 bytes] and IV [8 bytes] are
generated before each write/save of the file. To see it, save the file
blowfish encrypted twice, and diff the hex dumps, e.g.

    $ vim
    edit some text .. and switch to new cryptmethod.
    :X pass
    :sav x
    :sav y
    :wq
    od -c x > x1
    od -c y > y1
    vim -d x1 y1

Almost all bytes will differ, except the 12 byte signature.

> Another trick, especially as there is no integrity control in
> Vim's encryption, would be to have an ever-changing prefix
> _within_ the file, perhaps even with unprintable bytecodes.

I wrote some code to do this, but didn't add it to vim:

    [header] [random string of random size][encrypted file][integrity checksum][random string of random size]

> That would make the typical high-speed attacks (only decrypt
> the first few bytes and go to the next key if you encounter
> any non-char sequences) a lot harder. On the other hand,
> this only works for files that are meant for humans and/or
> that are very liberal when parsing input.
>
> Richard

--
You received this message from the "vim_dev" maillist.
Do not top-post! Type your reply below the text you are replying to.
For more information, visit http://www.vim.org/maillist.php
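The two-save comparison described in the message above can be scripted instead of diffing hex dumps by eye. This is an added example, not code from the thread or from Vim: it assumes the header is laid out as signature, salt, IV (the sizes are the ones given in the message), and the sample files are constructed, with random bytes standing in for ciphertext.

```python
import os
from typing import NamedTuple

MAGIC_LEN, SALT_LEN, IV_LEN = 12, 8, 8  # sizes stated in the message above
HEADER_LEN = MAGIC_LEN + SALT_LEN + IV_LEN

class Header(NamedTuple):
    magic: bytes
    salt: bytes
    iv: bytes
    body: bytes

def parse(blob: bytes) -> Header:
    """Split a saved file into signature, salt, IV and ciphertext."""
    if len(blob) < HEADER_LEN:
        raise ValueError("file shorter than the 28-byte header")
    # Assumption: fields appear in the order signature, salt, IV.
    m, s = MAGIC_LEN, MAGIC_LEN + SALT_LEN
    return Header(blob[:m], blob[m:s], blob[s:HEADER_LEN], blob[HEADER_LEN:])

def compare_saves(a: bytes, b: bytes) -> dict:
    """Report which header fields two saves share and how much of the body differs."""
    ha, hb = parse(a), parse(b)
    n = min(len(ha.body), len(hb.body))
    differing = sum(x != y for x, y in zip(ha.body, hb.body))
    return {
        "same_signature": ha.magic == hb.magic,
        "salt_reused": ha.salt == hb.salt,  # True means precomputation pays off again
        "iv_reused": ha.iv == hb.iv,
        "body_diff_ratio": differing / n if n else 0.0,
    }

def constructed_save(magic: bytes, body_len: int, salt=None, iv=None) -> bytes:
    """Build a stand-in file; random bytes play the role of ciphertext (constructed)."""
    salt = os.urandom(SALT_LEN) if salt is None else salt
    iv = os.urandom(IV_LEN) if iv is None else iv
    return magic + salt + iv + os.urandom(body_len)

if __name__ == "__main__":
    magic = b"VimCrypt~02!"  # the 12-byte signature Vim writes for blowfish
    x = constructed_save(magic, 256)
    y = constructed_save(magic, 256)
    print(compare_saves(x, y))
```

To run it on real files, pass the bytes of the two saves (`x` and `y` in the message) to `compare_saves` in place of the constructed ones.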
