Christian Robinson wrote:

> On Tue, 20 Jul 2010, Bram Moolenaar wrote:
>
> > I have just submitted a patch that changes the 'cryptmethod' option
> > from local to a buffer to global-local. This makes it possible to
> > set a default value for new files in your vimrc file.
>
> This works for me, thank you.
>
> > Since the number value was cryptic anyway, I changed the
> > 'cryptmethod' option to a string, with values "zip" and "blowfish".
>
> I noticed this when I got an error after doing a pull/update and
> recompile this morning. I definitely prefer it this way.
>
>
> I just noticed a potential problem--I'm not sure whether to call it a
> bug:
>
> - Create a new buffer with some content
> - With 'cryptmethod' set to "blowfish" (I did not test with "zip")
>   encrypt the file (:X)
> - Write the file
> - Do ":X" again and enter a new password
> - Without writing, do ":e"
>
> It appears Vim attempts to decrypt the file with the new key, but it
> hasn't actually been written with that key so you just see garbage.
>
> Before I realized what had happened I thought I'd lost a file (no big
> deal, I just went to my backup).

You don't look at the text after doing ":e"? I think it's obvious that
something went wrong, thus writing the text is unlikely to happen.

> It would be my preference that the buffer gets tagged as modified
> whenever the encryption key gets changed, but I realize there may have
> been a reason for the existing behavior.

It's been a choice for quite a while that a file doesn't get marked as
modified when 'key' or 'cryptmethod' is changed. Changing the behavior
now will surprise users.

> Also, the information for the "file" command's magic file under ":help
> :X" needs to be updated. This worked for me (without the leading
> spaces, of course):
>
>     0    string   VimCrypt~   Vim encrypted file
>     >9   string   01          - "zip" cryptmethod
>     >9   string   02          - "blowfish" cryptmethod
>
> The descriptions should perhaps be more explanatory, possibly
> including Vim version compatibility.

I wonder what systems support that ">9" notation. I can at least add
this to the documentation.

> Now that this appears to be working fairly well, I intend to switch
> from using GPG/PGP to encrypt some of my "secure" files to Vim's
> blowfish cryptmethod. It's a lot more convenient and "good enough"
> for most things.
>
> I realize it hasn't had time to be thoroughly vetted for problems, but
> I'm only switching for stuff that isn't "too" important, the rest will
> remain encrypted with GPG. (I certainly wasn't willing to trust the
> zip cryptmethod even for fairly trivial stuff; if I'm going to encrypt
> anything at all, I at least want to avoid an encryption scheme that is
> known to be "broken".)

I wonder how we verify that the encryption works properly. Is there
some user group that inspects encryption code perhaps?

Despite "zip" being "broken" I haven't heard of anyone being able to
crack a password.

--
Q: What's orange and sounds like a parrot?
A: A carrot

 /// Bram Moolenaar -- [email protected] -- http://www.Moolenaar.net   \\\
///        sponsor Vim, vote for features -- http://www.Vim.org/sponsor/ \\\
\\\        download, build and distribute -- http://www.A-A-P.org        ///
 \\\            help me help AIDS victims -- http://ICCF-Holland.org    ///
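
Added example, not part of the original message and not Vim's own code: a header check built only on the magic entry quoted in the thread ("VimCrypt~" at offset 0, "01" or "02" at offset 9), used to inventory a directory tree for files still written with the "zip" cryptmethod. The function names are hypothetical.

```python
import os
import sys

MAGIC = b"VimCrypt~"                          # offset 0, from the quoted magic entry
METHODS = {b"01": "zip", b"02": "blowfish"}   # two bytes at offset 9


def classify_header(head):
    """Return None for a non-VimCrypt file, else the cryptmethod name.

    A truncated or unrecognised method id is reported as 'unknown:<id>'
    instead of being guessed.
    """
    if not head.startswith(MAGIC):
        return None
    method_id = head[len(MAGIC):len(MAGIC) + 2]
    if method_id in METHODS:
        return METHODS[method_id]
    return "unknown:" + method_id.decode("latin-1")


def scan_tree(root):
    """Walk root and return {relative_path: cryptmethod} for VimCrypt files."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(len(MAGIC) + 2)   # only the header is read
            except OSError:
                continue                             # unreadable: skip, keep scanning
            method = classify_header(head)
            if method is not None:
                found[os.path.relpath(path, root)] = method
    return found


def needs_reencryption(found):
    """Paths still using "zip", the method the thread describes as broken."""
    return sorted(p for p, m in found.items() if m == "zip")


if __name__ == "__main__":
    results = scan_tree(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, method in sorted(results.items()):
        print(method, path, sep="\t")
    print("re-encrypt:", needs_reencryption(results))
```

The check reads only the first eleven bytes of each file and never needs the key, so it can run over backups or shared storage without touching the encrypted content.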
